Total
3291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-08-03 | 7.2 High |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended | ||||
| CVE-2022-29051 | 1 Jenkins | 1 Publish Over Ftp | 2024-08-03 | 4.3 Medium |
| Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | ||||
| CVE-2022-28993 | 1 Bdtask | 1 Multi Store Inventory Management System | 2024-08-03 | 9.8 Critical |
| Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. | ||||
| CVE-2022-28866 | 1 Nokia | 1 Airframe Bmc Web Gui R18 Firmware | 2024-08-03 | 8.8 High |
| Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). | ||||
| CVE-2022-28789 | 1 Samsung | 1 Voice Note | 2024-08-03 | 6.2 Medium |
| Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | ||||
| CVE-2022-28137 | 1 Jenkins | 1 Jiratestresultreporter | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28158 | 1 Jenkins | 1 Pipeline\ | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-28147 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-28151 | 1 Jenkins | 1 Job And Node Ownership | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | ||||
| CVE-2022-28144 | 1 Jenkins | 1 Proxmox | 2024-08-03 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | ||||
| CVE-2022-28134 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-08-03 | 5.4 Medium |
| Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | ||||
| CVE-2022-28139 | 1 Jenkins | 1 Rocketchat Notifier | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-08-03 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||
| CVE-2022-27658 | 1 Sap | 1 Innovation Management | 2024-08-03 | 7.5 High |
| Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-08-03 | 7.5 High |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | ||||
| CVE-2022-27215 | 1 Jenkins | 1 Release Helper | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-27209 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-27199 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | ||||
| CVE-2022-27205 | 1 Jenkins | 1 Extended Choice Parameter | 2024-08-03 | 4.3 Medium |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-08-03 | 6.8 Medium |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||