Total
6504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34235 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-08-12 | N/A | 7.8 HIGH |
| Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-35715 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-08-12 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202. | |||||
| CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2022-08-12 | N/A | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
| CVE-2022-22490 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2022-08-12 | N/A | 4.9 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. | |||||
| CVE-2022-28881 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2022-08-12 | N/A | 7.5 HIGH |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2020-0601 | 2 Golang, Microsoft | 5 Go, Windows, Windows 10 and 2 more | 2022-08-12 | 5.8 MEDIUM | 8.1 HIGH |
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | |||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | |||||
| CVE-2022-31665 | 3 Linux, Microsoft, Vmware | 5 Linux Kernel, Windows, Identity Manager and 2 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | |||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.5 HIGH |
| VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | |||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31659 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-31658 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | |||||
| CVE-2022-31656 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | |||||
| CVE-2022-26979 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-10 | N/A | 7.5 HIGH |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. | |||||
| CVE-2022-27944 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-10 | N/A | 7.5 HIGH |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. | |||||
| CVE-2022-35219 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2022-08-10 | N/A | 5.5 MEDIUM |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | |||||