Total
857 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32477 | 1 Moodle | 1 Moodle | 2022-07-02 | 4.0 MEDIUM | 4.3 MEDIUM |
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | |||||
CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2022-07-01 | 6.4 MEDIUM | 9.1 CRITICAL |
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | |||||
CVE-2022-34813 | 2022-06-30 | N/A | N/A | ||
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | |||||
CVE-2022-34785 | 2022-06-30 | N/A | N/A | ||
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | |||||
CVE-2022-34798 | 2022-06-30 | N/A | N/A | ||
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | |||||
CVE-2022-34810 | 2022-06-30 | N/A | N/A | ||
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-34779 | 2022-06-30 | N/A | N/A | ||
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-34781 | 2022-06-30 | N/A | N/A | ||
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-34794 | 2022-06-30 | N/A | N/A | ||
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
CVE-2022-34818 | 2022-06-30 | N/A | N/A | ||
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | |||||
CVE-2022-34811 | 2022-06-30 | N/A | N/A | ||
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | |||||
CVE-2022-34208 | 1 Jenkins | 1 Beaker Builder | 2022-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2022-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | |||||
CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2022-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2022-06-29 | 3.5 LOW | 5.7 MEDIUM |
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | |||||
CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34180 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | |||||
CVE-2021-37764 | 1 Xos-shop | 1 Xos Shop System | 2022-06-28 | 5.5 MEDIUM | 8.1 HIGH |
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. | |||||
CVE-2021-46820 | 1 Xos-shop | 1 Xos Shop System | 2022-06-28 | 5.5 MEDIUM | 8.1 HIGH |
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php |