Search Results (363530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28167 1 Broadcom 1 Sannav 2024-11-21 6.5 Medium
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
CVE-2022-28166 1 Broadcom 1 Sannav 2024-11-21 7.5 High
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
CVE-2022-28165 1 Broadcom 1 Sannav 2024-11-21 8.8 High
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.
CVE-2022-28164 1 Broadcom 1 Sannav 2024-11-21 6.5 Medium
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
CVE-2022-28163 1 Broadcom 1 Sannav 2024-11-21 9.8 Critical
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
CVE-2022-28162 1 Broadcom 1 Sannav 2024-11-21 3.3 Low
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
CVE-2022-28161 1 Brocade 1 Sannav 2024-11-21 5.5 Medium
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
CVE-2022-28160 1 Jenkins 1 Tests Selector 2024-11-21 6.5 Medium
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller.
CVE-2022-28159 1 Jenkins 1 Tests Selector 2024-11-21 5.4 Medium
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-28158 1 Jenkins 1 Pipeline\ 2024-11-21 6.5 Medium
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-28157 1 Jenkins 1 Pipeline\ 2024-11-21 6.5 Medium
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server.
CVE-2022-28156 1 Jenkins 1 Pipeline\ 2024-11-21 6.5 Medium
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace.
CVE-2022-28155 1 Jenkins 1 Pipeline\ 2024-11-21 8.1 High
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-28154 1 Jenkins 1 Coverage\/complexity Scatter Plot 2024-11-21 8.1 High
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-28153 1 Jenkins 1 Sitemonitor 2024-11-21 5.4 Medium
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-28152 1 Jenkins 1 Job And Node Ownership 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
CVE-2022-28151 1 Jenkins 1 Job And Node Ownership 2024-11-21 4.3 Medium
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
CVE-2022-28150 1 Jenkins 1 Job And Node Ownership 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
CVE-2022-28149 1 Jenkins 1 Job And Node Ownership 2024-11-21 5.4 Medium
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-28148 2 Jenkins, Microsoft 2 Continuous Integration With Toad Edge, Windows 2024-11-21 6.5 Medium
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.