Search Results (36985 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36909 1 Jenkins 1 Openshift Deployer 2024-11-21 6.5 Medium
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.
CVE-2022-36907 1 Jenkins 1 Openshift Deployer 2024-11-21 6.5 Medium
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2022-36904 1 Jenkins 1 Repository Connector 2024-11-21 4.3 Medium
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36903 1 Jenkins 1 Repository Connector 2024-11-21 4.3 Medium
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-36898 1 Jenkins 1 Compuware Ispw Operations 2024-11-21 4.3 Medium
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
CVE-2022-36897 1 Jenkins 1 Compuware Xpediter Code Coverage 2024-11-21 4.3 Medium
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
CVE-2022-36896 1 Jenkins 1 Compuware Source Code Download For Endevor\, Pds\, And Ispw 2024-11-21 6.5 Medium
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
CVE-2022-36895 1 Jenkins 1 Compuware Topaz Utilities 2024-11-21 4.3 Medium
A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
CVE-2022-36893 1 Jenkins 1 Rpmsign-plugin 2024-11-21 4.3 Medium
Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2022-36892 1 Jenkins 1 Rhnpush-plugin 2024-11-21 4.3 Medium
Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2022-36891 1 Jenkins 1 Deployer Framework 2024-11-21 4.3 Medium
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.
CVE-2022-36888 1 Jenkins 1 Hashicorp Vault 2024-11-21 6.5 Medium
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
CVE-2022-36883 2 Jenkins, Redhat 2 Git, Openshift 2024-11-21 7.5 High
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
CVE-2022-36856 1 Google 1 Android 2024-11-21 4 Medium
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.
CVE-2022-36839 1 Samsung 1 Checkout 2024-11-21 5.9 Medium
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
CVE-2022-36836 1 Samsung 2 Charm, Charm Firmware 2024-11-21 6.2 Medium
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.
CVE-2022-36754 1 Oretnom23 1 Expense Management System 2024-11-21 7.2 High
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
CVE-2022-36750 1 Oretnom23 1 Clinic\'s Patient Management System 2024-11-21 9.8 Critical
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.
CVE-2022-36735 1 Library Management System Project 1 Library Management System 2024-11-21 9.8 Critical
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.
CVE-2022-36734 1 Library Management System Project 1 Library Management System 2024-11-21 9.8 Critical
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.