CVE-2022-36903
- A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 4.3 MEDIUM
CVE-2022-36918
- Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...
Published:
July 27, 2022; 11:15:12 AM -0400
V3.1: 4.3 MEDIUM
CVE-2022-31169
- Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38....
Published:
July 22, 2022; 12:15:14 AM -0400
V3.1: 7.5 HIGH
CVE-2022-36904
- Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on th...
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 4.3 MEDIUM
CVE-2022-36905
- Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability explo...
Published:
July 27, 2022; 11:15:10 AM -0400
V3.1: 5.4 MEDIUM
CVE-2022-36906
- A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
Published:
July 27, 2022; 11:15:10 AM -0400
V3.1: 6.5 MEDIUM
CVE-2022-31163
- TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to r...
Published:
July 22, 2022; 12:15:14 AM -0400
V3.1: 8.1 HIGH
CVE-2022-36897
- A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jen...
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 4.3 MEDIUM
CVE-2022-23000
- The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context inst...
Published:
July 25, 2022; 3:15:30 PM -0400
V3.1: 7.8 HIGH
CVE-2022-2164
- Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
Published:
July 27, 2022; 9:15:17 PM -0400
V3.1: 6.3 MEDIUM
CVE-2022-36896
- A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of...
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 6.5 MEDIUM
CVE-2022-36907
- A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
Published:
July 27, 2022; 11:15:10 AM -0400
V3.1: 6.5 MEDIUM
CVE-2022-36895
- A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 4.3 MEDIUM
CVE-2022-2162
- Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
Published:
July 27, 2022; 9:15:17 PM -0400
V3.1: 8.8 HIGH
CVE-2022-2161
- Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Published:
July 27, 2022; 9:15:16 PM -0400
V3.1: 8.8 HIGH
CVE-2022-36908
- A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key f...
Published:
July 27, 2022; 11:15:10 AM -0400
V3.1: 6.5 MEDIUM
CVE-2022-36894
- An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-s...
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 6.5 MEDIUM
CVE-2022-2160
- Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a cr...
Published:
July 27, 2022; 9:15:16 PM -0400
V3.1: 6.5 MEDIUM
CVE-2022-34966
- OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
Published:
July 25, 2022; 3:15:43 PM -0400
V3.1: 7.5 HIGH
CVE-2022-36893
- Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether att...
Published:
July 27, 2022; 11:15:09 AM -0400
V3.1: 4.3 MEDIUM