Total
34333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22353 | 2 Cloudera, Ibm | 3 Data Platform, Big Sql, Cloud Pak For Data | 2024-11-21 | 6.5 Medium |
| IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. | ||||
| CVE-2022-22351 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.6 High |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 | ||||
| CVE-2022-22350 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 5.5 Medium |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. | ||||
| CVE-2022-22334 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 4.3 Medium |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. | ||||
| CVE-2022-22329 | 2 Ibm, Linux | 2 Control Desk, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124. | ||||
| CVE-2022-22328 | 1 Ibm | 1 Partner Engagement Manager | 2024-11-21 | 6.2 Medium |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. | ||||
| CVE-2022-22325 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-11-21 | 5.5 Medium |
| IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853. | ||||
| CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2024-11-21 | 5.4 Medium |
| IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. | ||||
| CVE-2022-22316 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. | ||||
| CVE-2022-22315 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 8.8 High |
| IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. | ||||
| CVE-2022-22314 | 1 Ibm | 1 Planning Analytics Workspace | 2024-11-21 | 3.3 Low |
| IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. | ||||
| CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2024-11-21 | 6.5 Medium |
| IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. | ||||
| CVE-2022-22292 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | ||||
| CVE-2022-22275 | 1 Sonicwall | 53 Nsa 2650, Nsa 2700, Nsa 3650 and 50 more | 2024-11-21 | 7.5 High |
| Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | ||||
| CVE-2022-22261 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | ||||
| CVE-2022-22258 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 9.8 Critical |
| The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. | ||||
| CVE-2022-22256 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-22255 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. | ||||
| CVE-2022-22254 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-22159 | 1 Juniper | 1 Junos | 2024-11-21 | 7.5 High |
| A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast routing equal-cost multi-path (ECMP) unilist selection. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. An indicator of compromise may be to monitor NETISR drops in the network with the assistance of JTAC. Please contact JTAC for technical support for further guidance. This issue affects: Juniper Networks Junos OS 17.3 version 17.3R3-S9 and later versions prior to 17.3R3-S12; 17.4 version 17.4R3-S3 and later versions prior to 17.4R3-S5; 18.1 version 18.1R3-S11 and later versions prior to 18.1R3-S13; 18.2 version 18.2R3-S6 and later versions; 18.3 version 18.3R3-S4 and later versions prior to 18.3R3-S5; 18.4 version 18.4R3-S5 and later versions prior to 18.4R3-S9; 19.1 version 19.1R3-S3 and later versions prior to 19.1R3-S7. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R3-S9. This issue does not affect Juniper Networks Junos OS Evolved. | ||||