Total
5147 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25195 | 1 Jenkins | 1 Autonomiq | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-25193 | 1 Jenkins | 1 Snow Commander | 2024-11-21 | 6.5 Medium |
| Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-25190 | 1 Jenkins | 1 Conjur Secrets | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-24594 | 1 Waline | 1 Waline | 2024-11-21 | 5.3 Medium |
| In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. | ||||
| CVE-2022-24450 | 2 Nats, Redhat | 3 Nats Server, Nats Streaming Server, Acm | 2024-11-21 | 8.8 High |
| NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. | ||||
| CVE-2022-24317 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 7.5 High |
| A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-23945 | 1 Apache | 1 Shenyu | 2024-11-21 | 7.5 High |
| Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||
| CVE-2022-23944 | 1 Apache | 1 Shenyu | 2024-11-21 | 9.1 Critical |
| User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||
| CVE-2022-23709 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 Medium |
| A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | ||||
| CVE-2022-23183 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 6.5 Medium |
| Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. | ||||
| CVE-2022-23112 | 1 Jenkins | 1 Publish Over Ssh | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2022-23055 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. | ||||
| CVE-2022-22854 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 8.8 High |
| An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | ||||
| CVE-2022-22535 | 1 Sap | 1 Erp Human Capital Management | 2024-11-21 | 6.5 Medium |
| SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. | ||||
| CVE-2022-22111 | 1 Daybydaycrm | 1 Daybyday Crm | 2024-11-21 | 8.8 High |
| In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. | ||||
| CVE-2022-22108 | 1 Daybydaycrm | 1 Daybyday Crm | 2024-11-21 | 4.3 Medium |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. | ||||
| CVE-2022-22107 | 1 Daybydaycrm | 1 Daybyday Crm | 2024-11-21 | 4.3 Medium |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. | ||||
| CVE-2022-21777 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6735 and 39 more | 2024-11-21 | 7.8 High |
| In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894. | ||||
| CVE-2022-21764 | 2 Google, Mediatek | 45 Android, Mt6739, Mt6761 and 42 more | 2024-11-21 | 5.5 Medium |
| In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717. | ||||
| CVE-2022-21763 | 2 Google, Mediatek | 45 Android, Mt6739, Mt6761 and 42 more | 2024-11-21 | 5.5 Medium |
| In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708. | ||||