Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-34801 | 1 Jenkins | 1 Build Notifications | 2022-07-07 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
CVE-2022-34802 | 1 Jenkins | 1 Rocketchat Notifier | 2022-07-07 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system. |
CVE-2022-34803 | 1 Jenkins | 1 Opsgenie | 2022-07-07 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission (config.xml) or access to the Jenkins controller file system. |
CVE-2022-30997 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2022-07-07 | 9.0 HIGH | 7.2 HIGH | A use-of-hard-coded-credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with administrative privilege to read/change configuration settings or update the controller with tampered firmware. |
CVE-2017-20106 | 1 Khoros | 1 Lithium Forum | 2022-07-07 | 3.6 LOW | 4.4 MEDIUM | A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. Manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. |
CVE-2022-33043 | 1 Urtracker | 1 Urtracker | 2022-07-07 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted Excel file. |
CVE-2022-32532 | 1 Apache | 1 Shiro | 2022-07-07 | 7.5 HIGH | 9.8 CRITICAL | In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured so that it is bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. |
CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2022-07-07 | 5.0 MEDIUM | 9.8 CRITICAL | Marval MSM v14.19.0.12476 has a 0-click account takeover vulnerability which allows an attacker to change any user's password in the organization; this means that an attacker can also achieve privilege escalation by changing the administrator password. |
CVE-2022-31884 | 1 Marvalglobal | 1 Marval Msm | 2022-07-07 | 4.0 MEDIUM | 6.5 MEDIUM | Marval MSM v14.19.0.12476 has an improper access control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege users and the Administrator user. |
CVE-2022-29858 | 1 Silverstripe | 1 Assets | 2022-07-07 | 4.0 MEDIUM | 4.3 MEDIUM | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code in website content. |
CVE-2022-25238 | 1 Silverstripe | 1 Framework | 2022-07-07 | 3.5 LOW | 5.4 MEDIUM | Silverstripe silverstripe/framework through 4.10.0 allows XSS inside of script tags that can be added to website content via XHR by an authenticated CMS user, if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code. |
CVE-2021-41559 | 1 Silverstripe | 1 Silverstripe | 2022-07-07 | 4.3 MEDIUM | 6.5 MEDIUM | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
CVE-2022-29271 | 1 Nagios | 1 Nagios Xi | 2022-07-07 | 4.0 MEDIUM | 6.5 MEDIUM | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/service. This allows an attacker to permanently disable all monitoring checks. |
CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2022-07-07 | 5.8 MEDIUM | 6.1 MEDIUM | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. |
CVE-2022-33107 | 1 Thinkphp | 1 Thinkphp | 2022-07-07 | 7.5 HIGH | 9.8 CRITICAL | ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component `vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php`. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
CVE-2020-27732 | | | 2022-07-07 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. |
CVE-2020-27731 | | | 2022-07-07 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. |
CVE-2020-25591 | | | 2022-07-07 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. |
CVE-2020-25590 | | | 2022-07-07 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. |
CVE-2020-25589 | | | 2022-07-07 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. |