Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2022-09-22 | N/A | 5.3 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | |||||
CVE-2022-30134 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 4.3 MEDIUM |
Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-34692. | |||||
CVE-2022-32880 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 6.5 MEDIUM |
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. | |||||
CVE-2022-32882 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 9.8 CRITICAL |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. | |||||
CVE-2022-23948 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 7.5 HIGH |
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host. | |||||
CVE-2022-23949 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 7.5 HIGH |
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | |||||
CVE-2022-23950 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 7.5 HIGH |
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. | |||||
CVE-2022-23951 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 5.5 MEDIUM |
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. | |||||
CVE-2021-43310 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 9.8 CRITICAL |
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. | |||||
CVE-2022-23952 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 7.5 HIGH |
In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | |||||
CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2022-09-22 | N/A | 4.3 MEDIUM |
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-40027 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 6.1 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
CVE-2022-40026 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 7.2 HIGH |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. | |||||
CVE-2022-40028 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 4.8 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter. | |||||
CVE-2022-40029 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 4.8 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
CVE-2022-40030 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 9.8 CRITICAL |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. | |||||
CVE-2022-41234 | 1 Jenkins | 1 Rundeck | 2022-09-22 | N/A | 8.8 HIGH |
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | |||||
CVE-2022-41236 | 1 Jenkins | 1 Security Inspector | 2022-09-22 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | |||||
CVE-2022-41237 | 1 Jenkins | 1 Dotci | 2022-09-22 | N/A | 9.8 CRITICAL |
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
CVE-2022-41239 | 1 Jenkins | 1 Dotci | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||