Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43616 | 3 Fedoraproject, Netapp, Npmjs | 3 Fedora, Next Generation Application Programming Interface, Npm | 2022-10-17 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI. | |||||
| CVE-2022-39120 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-39112 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39114 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39113 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39117 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-39115 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39105 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-39103 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | |||||
| CVE-2022-38690 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | |||||
| CVE-2022-38689 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-38688 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-38687 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. | |||||
| CVE-2022-42067 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | N/A | 4.3 MEDIUM |
| Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | |||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2022-10-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-2094 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | |||||
| CVE-2022-20614 | 2 Jenkins, Oracle | 2 Mailer, Communications Cloud Native Core Automated Test Suite | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | |||||
| CVE-2022-20618 | 1 Jenkins | 1 Bitbucket Branch Source | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-20616 | 1 Jenkins | 1 Credentials Binding | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. | |||||
| CVE-2022-20620 | 1 Jenkins | 1 Ssh Agent | 2022-10-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||