Total
5168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39119 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
| CVE-2022-38685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | |||||
| CVE-2022-38370 | 1 Apache | 1 Iotdb | 2024-11-21 | N/A | 7.5 HIGH |
| Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. | |||||
| CVE-2022-38367 | 1 Netic | 1 User Export For Jira | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. | |||||
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | |||||
| CVE-2022-38141 | 1 Zorem | 1 Sales Report Email For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | |||||
| CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2024-11-21 | N/A | 8.1 HIGH |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | |||||
| CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | |||||
| CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36913 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36910 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | N/A | 5.4 MEDIUM |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | |||||
| CVE-2022-36909 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | |||||
| CVE-2022-36907 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2022-36904 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36903 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36898 | 1 Jenkins | 1 Compuware Ispw Operations | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36897 | 1 Jenkins | 1 Compuware Xpediter Code Coverage | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||