A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
NVD-CWE-noinfo
CVE-2022-22938
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
CVE-2022-22964
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
CVE-2022-22966
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
CVE-2022-2281
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,