Total
34346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30949 | 1 Jenkins | 1 Repo | 2024-11-21 | 5.3 Medium |
| Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30948 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 7.5 High |
| Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30947 | 1 Jenkins | 1 Git | 2024-11-21 | 7.5 High |
| Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30943 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | ||||
| CVE-2022-30882 | 1 Pyanxdns Project | 1 Pyanxdns | 2024-11-21 | 9.8 Critical |
| pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. | ||||
| CVE-2022-30785 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 6.7 Medium |
| A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | ||||
| CVE-2022-30756 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder. | ||||
| CVE-2022-30754 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. | ||||
| CVE-2022-30737 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. | ||||
| CVE-2022-30726 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. | ||||
| CVE-2022-30722 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | ||||
| CVE-2022-30708 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | ||||
| CVE-2022-30703 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 7.8 High |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. | ||||
| CVE-2022-30697 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | ||||
| CVE-2022-30689 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
| HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. | ||||
| CVE-2022-30628 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | 4.8 Medium |
| It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX | ||||
| CVE-2022-30616 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 7.2 High |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. | ||||
| CVE-2022-30614 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 7.5 High |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. | ||||
| CVE-2022-30613 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 Medium |
| IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. | ||||
| CVE-2022-30602 | 1 Cybozu | 1 Garoon | 2024-11-21 | 8.1 High |
| Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | ||||