Total
2382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41574 | 1 Gradle | 1 Enterprise | 2024-11-21 | 7.5 High |
| An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. | ||||
| CVE-2022-40682 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.1 High |
| A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | ||||
| CVE-2022-40681 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.1 High |
| A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | ||||
| CVE-2022-40529 | 1 Qualcomm | 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more | 2024-11-21 | 7.1 High |
| Memory corruption due to improper access control in kernel while processing a mapping request from root process. | ||||
| CVE-2022-3585 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | ||||
| CVE-2022-3248 | 1 Redhat | 6 Acm, Advanced Cluster Management For Kubernetes, Ansible Automation Platform and 3 more | 2024-11-21 | 4.4 Medium |
| A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | ||||
| CVE-2022-39337 | 1 Apache | 1 Hertzbeat | 2024-11-21 | 7.5 High |
| Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. | ||||
| CVE-2022-37767 | 1 Pebbletemplates | 1 Pebble Templates | 2024-11-21 | 9.8 Critical |
| Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input. | ||||
| CVE-2022-36634 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2024-11-21 | 8.8 High |
| An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | ||||
| CVE-2022-36129 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.1 Critical |
| HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1. | ||||
| CVE-2022-36126 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 7.2 High |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. | ||||
| CVE-2022-35890 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. | ||||
| CVE-2022-35716 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 6.5 Medium |
| IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. | ||||
| CVE-2022-35487 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files. | ||||
| CVE-2022-34814 | 1 Jenkins | 1 Request Rename Or Delete | 2024-11-21 | 4.3 Medium |
| Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | ||||
| CVE-2022-34785 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 4.3 Medium |
| Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | ||||
| CVE-2022-34782 | 1 Jenkins | 1 Requests | 2024-11-21 | 4.3 Medium |
| An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | ||||
| CVE-2022-34180 | 1 Jenkins | 1 Embeddable Build Status | 2024-11-21 | 7.5 High |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | ||||
| CVE-2022-34175 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 7.5 High |
| Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | ||||