Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-23666 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 9.0 HIGH | 9.1 CRITICAL |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23665 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 9.0 HIGH | 9.1 CRITICAL |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23664 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 9.0 HIGH | 9.1 CRITICAL |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2021-27446 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2022-05-25 | 10.0 HIGH | 9.8 CRITICAL |
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | |||||
CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-23661 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 9.0 HIGH | 9.1 CRITICAL |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23660 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23658 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23657 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-26650 | 1 Apache | 1 Shenyu | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3. | |||||
CVE-2022-0573 | 1 Jfrog | 1 Artifactory | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. | |||||
CVE-2022-30971 | 1 Jenkins | 1 Storable Configs | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-30969 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | |||||
CVE-2021-23266 | 1 Craftercms | 1 Crafter Cms | 2022-05-25 | 4.3 MEDIUM | 4.3 MEDIUM |
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. | |||||
CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-22484 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. |