Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28144 1 Jenkins 1 Proxmox 2024-11-21 6.5 Medium
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.
CVE-2022-28143 1 Jenkins 1 Proxmox 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.
CVE-2022-28142 1 Jenkins 1 Proxmox 2024-11-21 7.5 High
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.
CVE-2022-28141 1 Jenkins 1 Proxmox 2024-11-21 6.5 Medium
Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-28140 1 Jenkins 1 Flaky Test Handler 2024-11-21 8.1 High
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-28139 1 Jenkins 1 Rocketchat Notifier 2024-11-21 4.3 Medium
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-28138 1 Jenkins 1 Rocketchat Notifier 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.
CVE-2022-28137 1 Jenkins 1 Jiratestresultreporter 2024-11-21 4.3 Medium
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-28136 1 Jenkins 1 Jiratestresultreporter 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-28135 1 Jenkins 1 Instant-messaging 2024-11-21 6.5 Medium
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-28134 1 Jenkins 1 Bitbucket Server Integration 2024-11-21 5.4 Medium
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
CVE-2022-28133 1 Jenkins 1 Bitbucket Server Integration 2024-11-21 5.4 Medium
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.
CVE-2022-28131 4 Fedoraproject, Golang, Netapp and 1 more 16 Fedora, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
CVE-2022-28129 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2024-11-21 7.5 High
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-28128 2 Hibara, Microsoft 2 Attachecase, Windows 2024-11-21 7.8 High
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
CVE-2022-28120 1 Rainier 1 Open Virtual Simulation Experiment Teaching Management Platform 2024-11-21 9.8 Critical
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.
CVE-2022-28118 1 Sscms 1 Siteserver Cms 2024-11-21 9.8 Critical
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
CVE-2022-28117 1 Naviwebs 1 Navigate Cms 2024-11-21 4.9 Medium
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2022-28116 1 Online Banking System Project 1 Online Banking System 2024-11-21 9.8 Critical
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-28115 1 Online Sports Complex Booking Project 1 Online Sports Complex Booking 2024-11-21 9.8 Critical
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.