Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41255 | 1 Jenkins | 1 Cons3rt | 2022-09-22 | N/A | 6.5 MEDIUM |
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2021-33079 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2022-09-22 | N/A | 4.4 MEDIUM |
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2022-09-22 | N/A | 6.5 MEDIUM |
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2021-33076 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2022-09-22 | N/A | 6.8 MEDIUM |
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2022-41253 | 1 Jenkins | 1 Cons3rt | 2022-09-22 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2022-09-22 | N/A | 4.3 MEDIUM |
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2022-09-22 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2022-09-22 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41249 | 1 Jenkins | 1 Scm Httpclient | 2022-09-22 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2022-09-22 | N/A | 5.3 MEDIUM |
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
CVE-2022-37246 | 1 Craftcms | 1 Craft Cms | 2022-09-22 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line label: elementInfo.label. | |||||
CVE-2022-24477 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516. | |||||
CVE-2022-24516 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477. | |||||
CVE-2022-30139 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | |||||
CVE-2022-30145 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. | |||||
CVE-2022-30174 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2022-09-22 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Remote Code Execution Vulnerability. | |||||
CVE-2022-30164 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 4.6 MEDIUM | 7.8 HIGH |
Kerberos AppContainer Security Feature Bypass Vulnerability. | |||||
CVE-2022-30142 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 7.6 HIGH | 7.5 HIGH |
Windows File History Remote Code Execution Vulnerability. | |||||
CVE-2022-30140 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 5.1 MEDIUM | 7.5 HIGH |
Windows iSCSI Discovery Service Remote Code Execution Vulnerability. | |||||
CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-09-22 | N/A | 7.8 HIGH |
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. |