Export limit exceeded: 10428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10428 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36129 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.1 Critical |
| HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1. | ||||
| CVE-2022-36126 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 7.2 High |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. | ||||
| CVE-2022-35890 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. | ||||
| CVE-2022-35716 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 6.5 Medium |
| IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. | ||||
| CVE-2022-35487 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files. | ||||
| CVE-2022-35293 | 1 Sap | 1 Enable Now Manager | 2024-11-21 | 9.1 Critical |
| Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-34818 | 1 Jenkins | 1 Failed Job Deactivator | 2024-11-21 | 4.3 Medium |
| Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | ||||
| CVE-2022-34814 | 1 Jenkins | 1 Request Rename Or Delete | 2024-11-21 | 4.3 Medium |
| Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | ||||
| CVE-2022-34813 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | ||||
| CVE-2022-34811 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | ||||
| CVE-2022-34810 | 1 Jenkins | 1 Rqm | 2024-11-21 | 6.5 Medium |
| A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34798 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2022-34796 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34794 | 1 Jenkins | 1 Recipe | 2024-11-21 | 6.5 Medium |
| Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2022-34785 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 4.3 Medium |
| Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | ||||
| CVE-2022-34782 | 1 Jenkins | 1 Requests | 2024-11-21 | 4.3 Medium |
| An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | ||||
| CVE-2022-34781 | 1 Jenkins | 1 Xebialabs Xl Release | 2024-11-21 | 6.5 Medium |
| Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-34779 | 1 Jenkins | 1 Xebialabs Xl Release | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2024-11-21 | 5.7 Medium |
| A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | ||||
| CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||