| CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | medium |
| CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | high |
| CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | high |
| CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | medium |
| CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | medium |
| CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | medium |
| CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | high |
| CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | high |
| CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | high |
| CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | high |
| CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | high |
| CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | high |
| CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | high |
| CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | high |
| CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | high |
| CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | high |
| CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | high |
| CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | high |
| CVE-2022-35196 | TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | high |
| CVE-2022-35068 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. | medium |
| CVE-2022-35067 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. | medium |
| CVE-2022-35066 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. | medium |
| CVE-2022-35065 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | medium |
| CVE-2022-35064 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. | medium |
| CVE-2022-35063 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. | medium |
| CVE-2022-35062 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. | medium |
| CVE-2022-35061 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. | medium |
| CVE-2022-35060 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. | medium |
| CVE-2022-34917 | A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions. | high |
| CVE-2022-34716 | .NET Spoofing Vulnerability | medium |
| CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | critical |
| CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | high |
| CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | medium |
| CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | medium |
| CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | medium |
| CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | medium |
| CVE-2022-32911 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges. | high |
| CVE-2022-32908 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges. | high |
| CVE-2022-32886 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | high |
| CVE-2022-32883 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. | medium |
| CVE-2022-32857 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity. | medium |
| CVE-2022-32840 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | high |
| CVE-2022-32839 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution. | critical |
| CVE-2022-32838 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files. | medium |
| CVE-2022-32837 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. | high |
| CVE-2022-32834 | An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | medium |
| CVE-2022-32813 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges. | high |
| CVE-2022-32812 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | high |
| CVE-2022-32811 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | high |
| CVE-2022-2995 | Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | high |
