Skip to main content
CVE-2022-40884 MEDIUM This Month

Bento4 1.6.0 has memory leaks via the mp4fragment. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3586 MEDIUM PATCH This Month

A flaw was found in the Linux kernel’s networking code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39253 MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora Xcode Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-25664 MEDIUM This Month

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Apq8009 Firmware Apq8052 Firmware Apq8053 Firmware +107
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25663 MEDIUM This Month

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Denial Of Service Buffer Overflow Aqt1000 Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-3606 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43425 MEDIUM This Month

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Custom Checkbox Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-43420 MEDIUM PATCH This Month

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Contrast Continuous Application Security
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-43409 MEDIUM PATCH This Month

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Pipeline
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-38107 MEDIUM PATCH This Month

Sensitive information could be displayed when a detailed technical error message is posted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sql Sentry
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43435 MEDIUM This Month

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins 360 Fireline
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43434 MEDIUM PATCH This Month

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Neuvector Vulnerability Scanner
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43428 MEDIUM PATCH This Month

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43426 MEDIUM This Month

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins S3 Explorer
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-43424 MEDIUM PATCH This Month

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Xpediter Code Coverage
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43423 MEDIUM PATCH This Month

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Source Code Download For Endevor Pds And Ispw
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43422 MEDIUM PATCH This Month

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Topaz Utilities
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43421 MEDIUM PATCH This Month

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Tuleap Git Branch Source
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43414 MEDIUM PATCH This Month

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Jenkins Nunit
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43412 MEDIUM PATCH This Month

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Generic Webhook Trigger
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-43411 MEDIUM PATCH This Month

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Jenkins
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43410 MEDIUM PATCH This Month

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Mercurial
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-42467 MEDIUM PATCH This Month

When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Isis
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-41694 MEDIUM This Month

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-22078 MEDIUM PATCH This Month

Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Qualcomm Denial Of Service Aqt1000 Firmware Ar8035 Firmware +65
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-31684 MEDIUM PATCH This Month

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Reactor Netty
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-43433 MEDIUM This Month

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Screenrecorder
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-43432 MEDIUM This Month

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Xframium Builder
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-43431 MEDIUM PATCH This Month

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Strobe Measurement
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-43427 MEDIUM PATCH This Month

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-43418 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Katalon
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-43417 MEDIUM PATCH This Month

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Katalon
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-43413 MEDIUM PATCH This Month

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Job Import
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41983 LOW Monitor

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Intel Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +16
NVD
CVSS 3.1
3.7
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy