βΌ CVE-2022-22478 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22496 βΌ
π Read
via "National Vulnerability Database".
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37791 βΌ
π Read
via "National Vulnerability Database".
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22487 βΌ
π Read
via "National Vulnerability Database".
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2056 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1955 βΌ
π Read
via "National Vulnerability Database".
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.π Read
via "National Vulnerability Database".
π What is Data Security? π
π Read
via "".
What is data security, why does it matter, and what are the best ways to address data security?π Read
via "".
βΌ CVE-2022-34794 βΌ
π Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-33312 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34790 βΌ
π Read
via "National Vulnerability Database".
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2197 βΌ
π Read
via "National Vulnerability Database".
By using a specific credential string, an attacker with network access to the deviceΓ’β¬β’s web interface could circumvent the authentication scheme and perform administrative operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34785 βΌ
π Read
via "National Vulnerability Database".
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34783 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34786 βΌ
π Read
via "National Vulnerability Database".
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34799 βΌ
π Read
via "National Vulnerability Database".
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34777 βΌ
π Read
via "National Vulnerability Database".
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34779 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34780 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34795 βΌ
π Read
via "National Vulnerability Database".
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33327 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34804 βΌ
π Read
via "National Vulnerability Database".
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.π Read
via "National Vulnerability Database".