Export limit exceeded: 337774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7792 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34772 | 1 Tabit | 1 Tabit | 2024-11-21 | 4.3 Medium |
| Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | ||||
| CVE-2022-34668 | 1 Nvidia | 1 Nvflare | 2024-11-21 | 9.8 Critical |
| NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | ||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2024-11-21 | 9.8 Critical |
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | ||||
| CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2024-11-21 | 7.5 High |
| WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | ||||
| CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | ||||
| CVE-2022-34369 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | ||||
| CVE-2022-34268 | 1 Rws | 1 Worldserver | 2024-11-21 | 9.8 Critical |
| An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | ||||
| CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2024-11-21 | 6.5 Medium |
| Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2024-11-21 | 6.5 Medium |
| Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34199 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 6.5 Medium |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-34049 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-11-21 | 5.3 Medium |
| An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | ||||
| CVE-2022-34008 | 1 Comodo | 1 Antivirus | 2024-11-21 | 7.8 High |
| Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder. | ||||
| CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-11-21 | 4.6 Medium |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | ||||
| CVE-2022-33947 | 1 F5 | 1 Big-ip Domain Name System | 2024-11-21 | 5.4 Medium |
| In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-33911 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. | ||||
| CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 7.5 High |
| The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password | ||||
| CVE-2022-33726 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | ||||
| CVE-2022-33697 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | ||||
| CVE-2022-33693 | 1 Google | 1 Android | 2024-11-21 | 2 Low |
| Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||||