Search Results (8492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4 Medium |
| HCL Launch may store certain data for recurring activities in a plain text format. | ||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4.9 Medium |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | ||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5 Medium |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | ||||
| CVE-2022-27442 | 1 Tpcms Project | 1 Tpcms | 2024-11-21 | 7.5 High |
| TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. | ||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2024-11-21 | 4.3 Medium |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-11-21 | 6.5 Medium |
| Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 6.5 Medium |
| Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 6.5 Medium |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27192 | 1 Asseco | 1 Dvs Avilys | 2024-11-21 | 7.5 High |
| The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. | ||||
| CVE-2022-27158 | 1 Php | 1 Pearweb | 2024-11-21 | 9.8 Critical |
| pearweb < 1.32 suffers from Deserialization of Untrusted Data. | ||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 Medium |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | ||||
| CVE-2022-26877 | 1 Asana | 1 Desktop | 2024-11-21 | 6.5 Medium |
| Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | ||||
| CVE-2022-26856 | 1 Dell | 1 Emc Repository Manager | 2024-11-21 | 8.2 High |
| Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | ||||
| CVE-2022-26704 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.8 High |
| A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. | ||||
| CVE-2022-26688 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.4 Medium |
| An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. | ||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-11-21 | 7.1 High |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | ||||
| CVE-2022-26612 | 2 Apache, Microsoft | 2 Hadoop, Windows | 2024-11-21 | 9.8 Critical |
| In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This, however, would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. On Windows, however, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. | ||||
| CVE-2022-26520 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql Jdbc Driver, Jboss Enterprise Bpms Platform and 2 more | 2024-11-21 | 9.8 Critical |
| In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. | ||||
| CVE-2022-26503 | 2 Microsoft, Veeam | 2 Windows, Veeam | 2024-11-21 | 7.8 High |
| Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | ||||
| CVE-2022-26472 | 2 Google, Mediatek | 40 Android, Mt6739, Mt6761 and 37 more | 2024-11-21 | 7.8 High |
| In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. | ||||