Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43049 | 1 Tibco | 1 Businessconnect | 2022-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | |||||
| CVE-2022-21991 | 1 Microsoft | 1 Visual Studio Code | 2022-02-24 | 6.8 MEDIUM | 8.1 HIGH |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. | |||||
| CVE-2021-46250 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2022-02-24 | 7.5 HIGH | 10.0 CRITICAL |
| An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2. | |||||
| CVE-2022-23604 | 1 X26-cogs Project | 1 X26-cogs | 2022-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround. | |||||
| CVE-2022-25183 | 1 Jenkins | 1 Pipeline\ | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | |||||
| CVE-2022-25181 | 1 Jenkins | 1 Pipeline\ | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | |||||
| CVE-2022-25182 | 1 Jenkins | 1 Pipeline\ | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | |||||
| CVE-2022-25186 | 1 Jenkins | 1 Hashicorp Vault | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | |||||
| CVE-2022-22770 | 1 Tibco | 1 Auditsafe | 2022-02-23 | 9.0 HIGH | 9.8 CRITICAL |
| The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below. | |||||
| CVE-2021-43050 | 1 Tibco | 1 Businessconnect | 2022-02-23 | 7.2 HIGH | 7.8 HIGH |
| The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | |||||
| CVE-2019-4352 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494. | |||||
| CVE-2019-4351 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 4.6 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493. | |||||
| CVE-2022-25204 | 1 Jenkins | 1 Doktor | 2022-02-23 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | |||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | |||||
| CVE-2019-25057 | 1 R3 | 1 Corda | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. | |||||
| CVE-2021-45348 | 1 Attendance Management System Project | 1 Attendance Management System | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). | |||||
| CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
| CVE-2021-46361 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | |||||
| CVE-2021-23555 | 1 Vm2 Project | 1 Vm2 | 2022-02-22 | 10.0 HIGH | 9.8 CRITICAL |
| The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. | |||||
| CVE-2000-0672 | 1 Apache | 1 Tomcat | 2022-02-22 | 5.0 MEDIUM | N/A |
| The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | |||||