Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25104 | 1 Oceanwp | 1 Ocean Extra | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-20551 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2022-06-30 | 2.1 LOW | 3.3 LOW |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | |||||
| CVE-2022-32545 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2022-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | |||||
| CVE-2013-4146 | 2022-06-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-28396 | 2022-06-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-27457 | 1 Mariadb | 1 Mariadb | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. | |||||
| CVE-2022-27455 | 1 Mariadb | 1 Mariadb | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | |||||
| CVE-2022-21184 | 1 Atvise | 1 Atvise | 2022-06-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2022-27451 | 1 Mariadb | 1 Mariadb | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | |||||
| CVE-2022-34189 | 1 Jenkins | 1 Image Tag Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34188 | 1 Jenkins | 1 Hidden Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34187 | 1 Jenkins | 1 Filesystem List Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34186 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34185 | 1 Jenkins | 1 Date Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34184 | 1 Jenkins | 1 Crx Content Package Deployer | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-26134 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | |||||
| CVE-2022-34208 | 1 Jenkins | 1 Beaker Builder | 2022-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2022-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | |||||
| CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2022-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-31248 | 1 Suse | 1 Manager Server | 2022-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. | |||||