• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-22958
2022-04-21
N/A
7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22957
Linux, Linux Kernel
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2022-04-21
N/A
7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22956
Linux, Linux Kernel
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2022-04-21
N/A
9.8 CRITICAL
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2022-22955
Linux, Linux Kernel
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2022-04-21
N/A
9.8 CRITICAL
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2022-22954
2022-09-09
N/A
9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22953
2022-06-27
N/A
6.5 MEDIUM
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
CVE-2022-22952
2022-03-31
N/A
9.1 CRITICAL
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
CVE-2022-22951
2022-03-29
N/A
9.1 CRITICAL
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.
CVE-2022-22950
2022-06-22
N/A
6.5 MEDIUM
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CVE-2022-2295
Extra Packages For Enterprise Linux, Fedoraproject
389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux
2022-10-26
N/A
8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
« Previous 1 … 10,629 10,630 10,631 10,632 10,633 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE