Search Results (10010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28151 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | ||||
| CVE-2022-28147 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-28144 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | ||||
| CVE-2022-28139 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28137 | 1 Jenkins | 1 Jiratestresultreporter | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28134 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-11-21 | 5.4 Medium |
| Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | ||||
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-11-21 | 7.2 High |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended. | ||||
| CVE-2022-27836 | 1 Google | 1 Android | 2024-11-21 | 8.4 High |
| Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | ||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2024-11-21 | 9.8 Critical |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | ||||
| CVE-2022-27658 | 1 Sap | 1 Innovation Management | 2024-11-21 | 7.5 High |
| Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-27609 | 1 Forcepoint | 1 One Endpoint | 2024-11-21 | 6 Medium |
| Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it. | ||||
| CVE-2022-27608 | 1 Forcepoint | 1 One Endpoint | 2024-11-21 | 6 Medium |
| Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. | ||||
| CVE-2022-27575 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | ||||
| CVE-2022-27551 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 5.3 Medium |
| HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | ||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | ||||
| CVE-2022-27215 | 1 Jenkins | 1 Release Helper | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-27209 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-27205 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||