Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34810 1 Jenkins 1 Rqm 2024-11-21 6.5 Medium
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-34798 1 Jenkins 1 Deployment Dashboard 2024-11-21 4.3 Medium
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2022-34796 1 Jenkins 1 Deployment Dashboard 2024-11-21 4.3 Medium
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-34794 1 Jenkins 1 Recipe 2024-11-21 6.5 Medium
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2022-34785 1 Jenkins 1 Build-metrics 2024-11-21 4.3 Medium
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.
CVE-2022-34782 1 Jenkins 1 Requests 2024-11-21 4.3 Medium
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
CVE-2022-34781 1 Jenkins 1 Xebialabs Xl Release 2024-11-21 6.5 Medium
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-34779 1 Jenkins 1 Xebialabs Xl Release 2024-11-21 4.3 Medium
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-34760 1 Schneider-electric 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more 2024-11-21 7.5 High
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
CVE-2022-34590 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.2 High
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.
CVE-2022-34588 1 Advanced School Management System Project 1 Advanced School Management System 2024-11-21 8.8 High
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.
CVE-2022-34586 1 Advanced School Management System Project 1 Advanced School Management System 2024-11-21 8.8 High
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.
CVE-2022-34557 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 8.8 High
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.
CVE-2022-34212 1 Jenkins 1 Vrealize Orchestrator 2024-11-21 5.7 Medium
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34210 1 Jenkins 1 Threadfix 2024-11-21 6.5 Medium
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34208 1 Jenkins 1 Beaker Builder 2024-11-21 4.3 Medium
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34206 1 Jenkins 1 Jianliao Notification 2024-11-21 4.3 Medium
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.
CVE-2022-34204 1 Jenkins 1 Easyqa 2024-11-21 4.3 Medium
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2022-34201 1 Jenkins 1 Convertigo Mobile Platform 2024-11-21 6.5 Medium
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34180 1 Jenkins 1 Embeddable Build Status 2024-11-21 7.5 High
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.