Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2022-11-17 | N/A | 7.5 HIGH | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with the '.xml' extension on the Jenkins controller file system.
CVE-2022-45389 | 1 Jenkins | 1 Xp-dev | 2022-11-17 | N/A | 5.3 MEDIUM | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
CVE-2022-25674 | 1 Qualcomm | 32 Ar8031, Ar8031 Firmware, Csra6620 and 29 more | 2022-11-17 | N/A | 9.8 CRITICAL | Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music.
CVE-2022-25671 | 1 Qualcomm | 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more | 2022-11-17 | N/A | 7.5 HIGH | Denial of service in MODEM due to a reachable assertion in Snapdragon Mobile.
CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2022-11-17 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins.
CVE-2022-25667 | 1 Qualcomm | 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more | 2022-11-17 | N/A | 7.5 HIGH | Information disclosure in the kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking.
CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-11-17 | N/A | 6.5 MEDIUM | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system.
CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-11-17 | N/A | 7.5 HIGH | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-30768 | 1 Zoneminder | 1 Zoneminder | 2022-11-17 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an admin (or a non-admin user who can see other users logged into the platform) clicks Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.
CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2022-11-17 | N/A | 5.4 MEDIUM | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape the names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-4018 | 1 Ikus-soft | 1 Rdiffweb | 2022-11-17 | N/A | 4.3 MEDIUM | Missing authentication for a critical function in the GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
CVE-2022-3980 | 1 Sophos | 1 Mobile | 2022-11-17 | N/A | 9.8 CRITICAL | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises, versions 5.0.0 to 9.7.4.
CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2022-11-17 | N/A | 4.3 MEDIUM | The Permalink Manager Lite plugin for WordPress is vulnerable to cross-site request forgery in versions up to and including 2.2.20.1, due to missing or incorrect nonce validation in the extra_actions function. Unauthenticated attackers can change plugin settings, including permalinks and site maps, via a forged request, provided they can trick a site administrator into performing an action such as clicking a link.
CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2022-11-17 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-4022 | 1 Benbodhi | 1 Svg Support | 2022-11-17 | N/A | 5.4 MEDIUM | The SVG Support plugin for WordPress defaults to insecure settings in versions 2.5 and 2.5.1: SVG files containing malicious JavaScript are not sanitized. Version 2.5 adds the ability to sanitize images as they are uploaded, but the plugin ships with sanitization disabled and does not restrict SVG upload to administrators. This allows authenticated attackers with author-level privileges or higher to upload malicious SVG files that higher-privileged users may embed in posts and pages. The embedded JavaScript is also triggered when the image URL itself is visited, so an attacker can execute code in any browser that loads that URL.
CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2022-11-17 | N/A | 7.5 HIGH | Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.
CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2022-11-17 | N/A | 3.3 LOW | IBM Sterling Partner Engagement Manager 2.0 stores encrypted client data locally where it can be read by another user on the system. IBM X-Force ID: 230424.
CVE-2022-43135 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-17 | N/A | 9.8 CRITICAL | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.
CVE-2022-42954 | 1 Keyfactor | 1 Keyfactor Ejbca | 2022-11-17 | N/A | 5.4 MEDIUM | Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-39834 | 1 Keyfactor | 1 Primekey Ejbca | 2022-11-17 | N/A | 5.4 MEDIUM | A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.
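The Config Rotator entry (CVE-2022-45388) is the classic case of an extension check standing in for a path check: requiring the name to end in `.xml` says nothing about where the file lives, so `../` segments walk out of the intended directory. The example below is an added illustration and is not the Jenkins plugin's code; the directory layout, the `vulnerable_read`/`hardened_read` names and the sample files are constructed for the demo. The hardened variant resolves the requested path (collapsing `..` and following symlinks) and only serves it if it still sits under the base directory.

```python
import tempfile
from pathlib import Path


def vulnerable_read(base_dir: str, name: str) -> str:
    """Extension-only check: '../secrets.xml' passes because it ends in .xml."""
    if not name.endswith(".xml"):
        raise ValueError("only .xml files may be requested")
    return Path(base_dir, name).read_text()


def hardened_read(base_dir: str, name: str) -> str:
    """Resolve first, then confine: the resolved target must stay under base_dir."""
    base = Path(base_dir).resolve()
    target = (base / name).resolve()  # collapses '..' and follows symlinks
    try:
        target.relative_to(base)      # raises ValueError if target escaped base
    except ValueError:
        raise PermissionError(f"refusing to serve {name!r}: outside {base}") from None
    if target.suffix != ".xml":
        raise PermissionError(f"refusing to serve {name!r}: not an .xml file")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target.read_text()


def is_rejected(base_dir: str, name: str) -> bool:
    """True if the hardened reader refuses the request (used by the checks below)."""
    try:
        hardened_read(base_dir, name)
    except PermissionError:
        return True
    return False


def build_fixture() -> str:
    """Constructed layout: <tmp>/configs/rotation.xml is allowed, <tmp>/secrets.xml is not."""
    root = Path(tempfile.mkdtemp())
    base = root / "configs"
    base.mkdir()
    (base / "rotation.xml").write_text("<config/>")
    (root / "secrets.xml").write_text("<secret>do-not-leak</secret>")
    return str(base)


if __name__ == "__main__":
    base = build_fixture()
    print("vulnerable, traversal:", vulnerable_read(base, "../secrets.xml"))
    print("hardened, traversal rejected:", is_rejected(base, "../secrets.xml"))
    print("hardened, legitimate:", hardened_read(base, "rotation.xml"))
```

Absolute names such as `/etc/something.xml` are rejected by the same containment test, since `base / "/etc/x.xml"` yields the absolute path and its resolution is not under `base`. The `suffix` check is kept only as the functional filter the endpoint intended; it is not what provides the security boundary.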
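The Sophos Mobile entry (CVE-2022-3980) chains XXE into SSRF: a `DOCTYPE` declaring a `SYSTEM` entity makes the parser fetch a URL or local file chosen by the attacker. The safest posture for untrusted XML is to refuse any `DOCTYPE` at all, which removes external entities, parameter entities and entity-expansion amplification in one step. The example below is an added illustration written against Python's standard-library expat bindings; it is not Sophos code, and the payload and `safe_parse`/`is_rejected` names are constructed for the demo.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE (and therefore may declare entities)."""


def reject_doctype(data: bytes) -> None:
    """First pass: abort as soon as expat reports a DOCTYPE, before any entity is declared."""
    parser = xml.parsers.expat.ParserCreate()
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE {name!r} is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def safe_parse(data: bytes) -> ET.Element:
    """Parse untrusted XML only after the DOCTYPE gate has passed."""
    reject_doctype(data)
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        safe_parse(data)
    except DoctypeRejected:
        return True
    return False


# Constructed sample inputs: a benign document and an XXE/SSRF-style payload.
BENIGN = b"<device><name>phone-1</name></device>"
XXE_SSRF = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">]>'
    b"<device><name>&xxe;</name></device>"
)
INTERNAL_ENTITY = b'<!DOCTYPE d [<!ENTITY x "aaaa">]><device>&x;</device>'


if __name__ == "__main__":
    print("benign name:", safe_parse(BENIGN).findtext("name"))
    print("xxe rejected:", is_rejected(XXE_SSRF))
    print("internal entity rejected:", is_rejected(INTERNAL_ENTITY))
```

Rejecting every `DOCTYPE` is deliberately stricter than disabling only external entities: it also blocks internal-entity amplification ("billion laughs") and parameter-entity tricks, and no legitimate device or MDM payload needs a DTD. If a schema genuinely requires one, validate against a fixed local copy instead of honouring the declaration in the input.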
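The SVG Support entry (CVE-2022-4022) turns on the fact that SVG is XML with script hooks: `<script>` elements, `on*` event attributes, `javascript:` hrefs and `<foreignObject>` all execute when the file is rendered inline or opened directly by URL. The sanitizer below is an added example of what "sanitize on upload" has to remove; it is not the plugin's code, and the sample SVG, the `sanitize_svg`/`active_content` names and the allow-by-default policy for everything else are constructed for the demo.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep <svg>, <circle> unprefixed on output
ET.register_namespace("xlink", XLINK_NS)

FORBIDDEN_TAGS = {"script", "foreignObject"}
HREF_ATTRS = {"href", f"{{{XLINK_NS}}}href"}


def _local(qname: str) -> str:
    """Strip an XML namespace prefix: '{ns}script' -> 'script'."""
    return qname.rsplit("}", 1)[-1]


def _attr_is_active(name: str, value: str) -> bool:
    """Event handlers (onload, onclick, ...) and javascript: URLs carry script."""
    if _local(name).lower().startswith("on"):
        return True
    if name in HREF_ATTRS:
        # Collapse whitespace first: 'java\nscript:' is still a javascript URL.
        return "".join(value.split()).lower().startswith("javascript:")
    return False


def _strip(elem: ET.Element) -> None:
    for child in list(elem):
        if _local(child.tag) in FORBIDDEN_TAGS:
            elem.remove(child)
        else:
            _strip(child)
    for name, value in list(elem.attrib.items()):
        if _attr_is_active(name, value):
            del elem.attrib[name]


def sanitize_svg(svg_text: str) -> str:
    """Return the SVG with script elements, event attributes and javascript: links removed."""
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    _strip(root)
    return ET.tostring(root, encoding="unicode")


def active_content(svg_text: str) -> list:
    """Audit helper: list the script-bearing tags/attributes still present."""
    findings = []
    for el in ET.fromstring(svg_text).iter():
        if _local(el.tag) in FORBIDDEN_TAGS:
            findings.append(_local(el.tag))
        for name, value in el.attrib.items():
            if _attr_is_active(name, value):
                findings.append(_local(name))
    return findings


# Constructed malicious upload: three different script vectors in one file.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    "<script>alert(document.cookie)</script>"
    '<a xlink:href="javascript:alert(2)"><circle r="10"/></a>'
    "</svg>"
)

if __name__ == "__main__":
    print("before:", active_content(SAMPLE_SVG))
    cleaned = sanitize_svg(SAMPLE_SVG)
    print("after:", active_content(cleaned))
    print(cleaned)
```

Two points the CVE text implies but does not spell out: the sanitizer must run regardless of the uploader's role, since author-level users are the threat here, and serving SVGs with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy` on the upload path is a second layer for the "visit the image URL directly" case that sanitization alone does not address.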
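The Online Diagnostic Lab Management System entry (CVE-2022-43135) is a login-form SQL injection in the `username` parameter. The example below shows the pattern behind that class of bug and its fix using an in-memory SQLite database; it is an added illustration, not the application's PHP code, and the table, the `admin` account and the `vulnerable_login`/`safe_login` names are constructed for the demo. The unsalted SHA-256 is only there to keep the demo short; real password storage uses a dedicated password hash such as argon2 or bcrypt.

```python
import hashlib
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed users table with a single account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(username TEXT PRIMARY KEY, password_hash TEXT)")
    con.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("admin", hashlib.sha256(b"correct horse").hexdigest()),
    )
    return con


def _hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def vulnerable_login(con: sqlite3.Connection, username: str, password: str):
    """String-built query: the username is spliced into the SQL text verbatim."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password_hash = '{_hash(password)}'"
    )
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(con: sqlite3.Connection, username: str, password: str):
    """Parameterised query: the driver passes values separately from the SQL text."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None


# Constructed payload: closes the string literal, then comments out the password check.
BYPASS_USERNAME = "admin' --"

if __name__ == "__main__":
    con = build_db()
    print("vulnerable, injected:", vulnerable_login(con, BYPASS_USERNAME, "wrong"))
    print("safe, injected:", safe_login(con, BYPASS_USERNAME, "wrong"))
    print("safe, real password:", safe_login(con, "admin", "correct horse"))
```

With the payload the vulnerable query becomes `... WHERE username = 'admin' --' AND password_hash = '...'`, and everything after `--` is a comment, so the password clause never runs. The parameterised version sends `admin' --` as a plain value, finds no such user, and returns nothing.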