Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2369 | 1 Yaycommerce | 1 Yaysmtp | 2024-11-21 | 4.3 Medium |
| The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin | ||||
| CVE-2022-2350 | 1 Brainvire | 1 Disable User Login | 2024-11-21 | 5.3 Medium |
| The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. | ||||
| CVE-2022-2276 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2024-11-21 | 4.3 Medium |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog | ||||
| CVE-2022-29906 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | ||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 8.8 High |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2022-29051 | 1 Jenkins | 1 Publish Over Ftp | 2024-11-21 | 4.3 Medium |
| Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | ||||
| CVE-2022-28993 | 1 Bdtask | 1 Multi Store Inventory Management System | 2024-11-21 | 9.8 Critical |
| Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. | ||||
| CVE-2022-28866 | 1 Nokia | 1 Airframe Bmc Web Gui R18 Firmware | 2024-11-21 | 8.8 High |
| Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). | ||||
| CVE-2022-28789 | 1 Samsung | 1 Voice Note | 2024-11-21 | 6.2 Medium |
| Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | ||||
| CVE-2022-28158 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-28151 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | ||||
| CVE-2022-28147 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-28144 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | ||||
| CVE-2022-28139 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28137 | 1 Jenkins | 1 Jiratestresultreporter | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28134 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-11-21 | 5.4 Medium |
| Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | ||||
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-11-21 | 7.2 High |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended | ||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||
| CVE-2022-27658 | 1 Sap | 1 Innovation Management | 2024-11-21 | 7.5 High |
| Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | ||||