Total
3184 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34208 | 1 Jenkins | 1 Beaker Builder | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | |||||
| CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-33913 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | |||||
| CVE-2022-32966 | 1 Realtek | 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. | |||||
| CVE-2022-32769 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 5.0 MEDIUM |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists. | |||||
| CVE-2022-32768 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 4.2 MEDIUM |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams. | |||||
| CVE-2022-32560 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | |||||
| CVE-2022-32220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | |||||
| CVE-2022-31765 | 1 Siemens | 372 6ag1206-2bb00-7ac2, 6ag1206-2bb00-7ac2 Firmware, 6ag1206-2bs00-7ac2 and 369 more | 2024-11-21 | N/A | 8.8 HIGH |
| Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. | |||||
| CVE-2022-31752 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. | |||||
| CVE-2022-31597 | 1 Sap | 2 S\/4hana, Sapscore | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | |||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2022-31592 | 1 Sap | 1 Enterprise Extension Defense Forces \& Public Security | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | |||||
| CVE-2022-31167 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 7.1 HIGH |
| XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds. | |||||
| CVE-2022-31128 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A | 5.4 MEDIUM |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31095 | 1 Discourse | 1 Discourse-chat | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin. | |||||
| CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-30957 | 1 Jenkins | 1 Ssh | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||