Search Results (363853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31680 1 Vmware 1 Vcenter Server 2024-11-21 9.1 Critical
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
CVE-2022-31677 1 Vmware 1 Pinniped 2024-11-21 5.4 Medium
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
CVE-2022-31676 7 Debian, Fedoraproject, Linux and 4 more 9 Debian Linux, Fedora, Linux Kernel and 6 more 2024-11-21 7.8 High
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVE-2022-31675 1 Vmware 1 Vrealize Operations 2024-11-21 7.5 High
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVE-2022-31673 1 Vmware 1 Vrealize Operations 2024-11-21 8.8 High
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVE-2022-31665 3 Linux, Microsoft, Vmware 5 Linux Kernel, Windows, Identity Manager and 2 more 2024-11-21 7.2 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31664 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.8 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31663 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 6.1 Medium
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
CVE-2022-31662 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.5 High
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
CVE-2022-31661 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.8 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31660 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.8 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31659 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.2 High
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31658 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 7.2 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31657 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 9.8 Critical
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
CVE-2022-31656 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-11-21 9.8 Critical
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-31655 1 Vmware 1 Vrealize Log Insight 2024-11-21 5.4 Medium
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
CVE-2022-31654 1 Vmware 1 Vrealize Log Insight 2024-11-21 5.4 Medium
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVE-2022-31649 1 Owncloud 1 Owncloud 2024-11-21 7.5 High
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
CVE-2022-31648 1 Talend 1 Administration Center 2024-11-21 6.1 Medium
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
CVE-2022-31630 2 Php, Redhat 2 Php, Enterprise Linux 2024-11-21 6.5 Medium
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.