Total: 3302 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2024-08-03 | 6.5 Medium |
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2024-08-03 | 4.3 Medium |
A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2022-41234 | 1 Jenkins | 1 Rundeck | 2024-08-03 | 8.8 High |
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | ||||
CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2024-08-03 | 5.4 Medium |
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | ||||
CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-08-03 | 8.8 High |
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | ||||
CVE-2022-41233 | 1 Jenkins | 1 Rundeck | 2024-08-03 | 4.3 Medium |
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | ||||
CVE-2022-41230 | 1 Jenkins | 1 Build-publisher | 2024-08-03 | 4.3 Medium |
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | ||||
CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2024-08-03 | 9.8 Critical |
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | ||||
CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2024-08-03 | 4.3 Medium |
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2022-40975 | | | 2024-08-03 | 5.4 Medium |
Missing Authorization vulnerability in Aazztech Post Slider. This issue affects Post Slider: from n/a through 1.6.7. | ||||
CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-08-03 | 5.4 Medium |
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | ||||
CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2024-08-03 | 7.8 High |
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | ||||
CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-03 | 4.3 Medium |
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | ||||
CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-08-03 | 6.3 Medium |
Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | ||||
CVE-2022-40218 | | | 2024-08-03 | 6.5 Medium |
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | ||||
CVE-2022-39960 | 1 Netic | 1 Group Export | 2024-08-03 | 5.3 Medium |
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI. | ||||
CVE-2022-39975 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-08-03 | 4.3 Medium |
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. | ||||
CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2024-08-03 | 5.9 Medium |
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | ||||
CVE-2022-39811 | 1 Italtel | 1 Netmatch-s Ci | 2024-08-03 | 9.1 Critical |
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | ||||
CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-08-03 | 3.5 Low |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. |