Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2309 | 1 Oracle | 1 Vm Virtualbox | 2022-09-22 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 8.8 HIGH |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2022-09-22 | N/A | 3.7 LOW |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | |||||
| CVE-2022-30211 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. | |||||
| CVE-2022-33658 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-22 | 3.5 LOW | 4.4 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. | |||||
| CVE-2022-33652 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-22 | 3.5 LOW | 4.4 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. | |||||
| CVE-2022-21980 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516. | |||||
| CVE-2022-21979 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 5.7 MEDIUM |
| Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692. | |||||
| CVE-2022-37027 | 1 Ahsay | 1 Cloud Backup Suite | 2022-09-22 | N/A | 7.2 HIGH |
| Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user. | |||||
| CVE-2022-24477 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516. | |||||
| CVE-2022-24516 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477. | |||||
| CVE-2022-30139 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | |||||
| CVE-2022-30174 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2022-09-22 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability. | |||||
| CVE-2022-30142 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 7.6 HIGH | 7.5 HIGH |
| Windows File History Remote Code Execution Vulnerability. | |||||
| CVE-2022-30140 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 5.1 MEDIUM | 7.5 HIGH |
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-09-22 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2022-09-22 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | |||||
| CVE-2022-30134 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 4.3 MEDIUM |
| Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-34692. | |||||
| CVE-2022-32880 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 6.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32882 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. | |||||