Total
5261 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | ||||
| CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | ||||
| CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-33913 | 1 Mahara | 1 Mahara | 2024-11-21 | 7.5 High |
| In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | ||||
| CVE-2022-32560 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | ||||
| CVE-2022-31752 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.5 Medium |
| Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2022-31597 | 1 Sap | 2 S\/4hana, Sapscore | 2024-11-21 | 5.4 Medium |
| Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | ||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 8.8 High |
| SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2022-31592 | 1 Sap | 1 Enterprise Extension Defense Forces \& Public Security | 2024-11-21 | 4.3 Medium |
| The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | ||||
| CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-30957 | 1 Jenkins | 1 Ssh | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-30955 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-30954 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | ||||
| CVE-2022-30951 | 1 Jenkins | 1 Wmi Windows Agents | 2024-11-21 | 8.8 High |
| Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | ||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2024-11-21 | 7.5 High |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | ||||
| CVE-2022-30731 | 1 Samsung | 1 My Files | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. | ||||
| CVE-2022-30594 | 4 Debian, Linux, Netapp and 1 more | 24 Debian Linux, Linux Kernel, 8300 and 21 more | 2024-11-21 | 7.8 High |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||||
| CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.3 High |
| Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2657 | 1 Wc-marketplace | 1 Multivendor Marketplace Solution For Woocommerce - Wc Marketplace | 2024-11-21 | 4.3 Medium |
| The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF | ||||
| CVE-2022-2552 | 1 Snapcreek | 1 Duplicator | 2024-11-21 | 5.3 Medium |
| The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. | ||||