Total
1368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39115 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39103 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | |||||
| CVE-2022-38689 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-38688 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-38687 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. | |||||
| CVE-2020-2094 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | |||||
| CVE-2022-20614 | 2 Jenkins, Oracle | 2 Mailer, Communications Cloud Native Core Automated Test Suite | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | |||||
| CVE-2022-20616 | 1 Jenkins | 1 Credentials Binding | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. | |||||
| CVE-2022-20618 | 1 Jenkins | 1 Bitbucket Branch Source | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-20620 | 1 Jenkins | 1 Ssh Agent | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-27199 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | |||||
| CVE-2022-28137 | 1 Jenkins | 1 Jiratestresultreporter | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-27205 | 1 Jenkins | 1 Extended Choice Parameter | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-27215 | 1 Jenkins | 1 Release Helper | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-34796 | 1 Jenkins | 1 Deployment Dashboard | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-28147 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-42488 | 1 Openharmony | 1 Openharmony | 2022-10-17 | N/A | 7.8 HIGH |
| OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | |||||
| CVE-2022-35136 | 1 Boodskap | 1 Iot Platform | 2022-10-14 | N/A | 6.5 MEDIUM |
| Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | |||||
| CVE-2022-20430 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221233 | |||||
| CVE-2022-20432 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check and permission protection,, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221899 | |||||