Search Results (363504 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30949 1 Jenkins 1 Repo 2024-11-21 5.3 Medium
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
CVE-2022-30948 2 Jenkins, Redhat 2 Mercurial, Openshift 2024-11-21 7.5 High
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
CVE-2022-30947 1 Jenkins 1 Git 2024-11-21 7.5 High
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
CVE-2022-30946 2 Jenkins, Redhat 2 Script Security, Openshift 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
CVE-2022-30945 2 Jenkins, Redhat 2 Pipeline\, Openshift 2024-11-21 8.5 High
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
CVE-2022-30943 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
CVE-2022-30938 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition
CVE-2022-30937 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.
CVE-2022-30931 1 Employee Leaves Management System Project 1 Employee Leaves Management System 2024-11-21 6.5 Medium
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php.
CVE-2022-30930 1 Phpgurukul 1 Tourism Management System 2024-11-21 4.3 Medium
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2022-30929 1 Mini Tmall Project 1 Mini Tmall 2024-11-21 8.8 High
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVE-2022-30927 1 Simple Task Scheduling System Project 1 Simple Task Scheduling System 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.
CVE-2022-30926 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.
CVE-2022-30925 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.
CVE-2022-30924 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.
CVE-2022-30923 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.
CVE-2022-30922 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.
CVE-2022-30921 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.
CVE-2022-30920 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.
CVE-2022-30919 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 9.8 Critical
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.