βΌ CVE-2022-41245 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41230 βΌ
π Read
via "National Vulnerability Database".
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41250 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3250 βΌ
π Read
via "National Vulnerability Database".
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41244 βΌ
π Read
via "National Vulnerability Database".
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3251 βΌ
π Read
via "National Vulnerability Database".
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41240 βΌ
π Read
via "National Vulnerability Database".
Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41226 βΌ
π Read
via "National Vulnerability Database".
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41239 βΌ
π Read
via "National Vulnerability Database".
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30578 βΌ
π Read
via "National Vulnerability Database".
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40029 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23952 βΌ
π Read
via "National Vulnerability Database".
In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40028 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29800 βΌ
π Read
via "National Vulnerability Database".
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30577 βΌ
π Read
via "National Vulnerability Database".
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23950 βΌ
π Read
via "National Vulnerability Database".
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40026 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40219 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23948 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35621 βΌ
π Read
via "National Vulnerability Database".
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29799 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the Γ’β¬Ε/etc/networkd-dispatcherΓ’β¬οΏ½ base directory.π Read
via "National Vulnerability Database".