Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35293 | 1 Sap | 1 Enable Now Manager | 2024-08-03 | 9.1 Critical |
| Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-34781 | 1 Jenkins | 1 Xebialabs Xl Release | 2024-08-03 | 6.5 Medium |
| Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-34810 | 1 Jenkins | 1 Rqm | 2024-08-03 | 6.5 Medium |
| A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34811 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | ||||
| CVE-2022-34794 | 1 Jenkins | 1 Recipe | 2024-08-03 | 6.5 Medium |
| Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2022-34796 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34813 | 1 Jenkins | 1 Xpath Configuration Viewer | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | ||||
| CVE-2022-34779 | 1 Jenkins | 1 Xebialabs Xl Release | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-34818 | 1 Jenkins | 1 Failed Job Deactivator | 2024-08-03 | 4.3 Medium |
| Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | ||||
| CVE-2022-34798 | 1 Jenkins | 1 Deployment Dashboard | 2024-08-03 | 4.3 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2024-08-03 | 5.4 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
| CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2024-08-03 | 5.7 Medium |
| A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | ||||
| CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | ||||
| CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | ||||
| CVE-2022-34208 | 1 Jenkins | 1 Beaker Builder | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-33913 | 1 Mahara | 1 Mahara | 2024-08-03 | 7.5 High |
| In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | ||||