Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2022-08-03 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | |||||
CVE-2022-36885 | 1 Jenkins | 1 Github | 2022-08-03 | N/A | 5.3 MEDIUM |
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. | |||||
CVE-2022-36886 | 1 Jenkins | 1 External Monitor Job Type | 2022-08-03 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | |||||
CVE-2022-36888 | 1 Jenkins | 1 Hashicorp Vault | 2022-08-03 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. | |||||
CVE-2022-34551 | 1 Sims Project | 1 Sims | 2022-08-03 | N/A | 6.5 MEDIUM |
Sims v1.0 was discovered to allow path traversal when downloading attachments. | |||||
CVE-2022-35869 | 1 Inductiveautomation | 1 Ignition | 2022-08-03 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211. | |||||
CVE-2022-35870 | 1 Inductiveautomation | 1 Ignition | 2022-08-03 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265. | |||||
CVE-2022-35871 | 1 Inductiveautomation | 1 Ignition | 2022-08-03 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of Python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. | |||||
CVE-2022-35872 | 1 Inductiveautomation | 1 Ignition | 2022-08-03 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115. | |||||
CVE-2022-35873 | 1 Inductiveautomation | 1 Ignition | 2022-08-03 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. | |||||
CVE-2022-34572 | 1 Wavlink | 1 Wifi-repeater Firmware | 2022-08-03 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | |||||
CVE-2022-34571 | 1 Wavlink | 1 Wifi-repeater Firmware | 2022-08-03 | N/A | 8.0 HIGH |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. | |||||
CVE-2022-34549 | 1 Sims Project | 1 Sims | 2022-08-03 | N/A | 8.8 HIGH |
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | |||||
CVE-2022-34573 | 1 Wavlink | 1 Wifi-repeater Firmware | 2022-08-03 | N/A | 6.3 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | |||||
CVE-2022-2549 | 1 Gpac | 1 Gpac | 2022-08-03 | N/A | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. | |||||
CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2022-08-03 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | |||||
CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2022-08-03 | N/A | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | |||||
CVE-2022-34574 | 1 Wavlink | 1 Wifi-repeater Firmware | 2022-08-03 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | |||||
CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2022-08-03 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | |||||
CVE-2022-34576 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2022-08-03 | N/A | 7.5 HIGH |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. |