| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-31651 | | | | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. |
| 2 | CVE-2022-31650 | | | | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. |
| 3 | CVE-2022-31624 | | | DoS | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
| 4 | CVE-2022-31623 | | | DoS | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
| 5 | CVE-2022-31622 | | | DoS | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
| 6 | CVE-2022-31621 | | | DoS | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
| 7 | CVE-2022-31620 | | | DoS | 2022-05-25 | 2022-05-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. |
| 8 | CVE-2022-31489 | | | Sql | 2022-05-23 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. |
| 9 | CVE-2022-31488 | | | Sql | 2022-05-23 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. |
| 10 | CVE-2022-31487 | | | Sql | 2022-05-23 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. |
| 11 | CVE-2022-31467 | | | | 2022-05-23 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. |
| 12 | CVE-2022-31466 | | | | 2022-05-23 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. |
| 13 | CVE-2022-31268 | | | | 2022-05-21 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). |
| 14 | CVE-2022-31267 | | | | 2022-05-21 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. |
| 15 | CVE-2022-31264 | | | Overflow | 2022-05-21 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. |
| 16 | CVE-2022-31263 | | | Bypass | 2022-05-24 | 2022-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. |
| 17 | CVE-2022-31261 | | | | 2022-05-24 | 2022-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. |
| 18 | CVE-2022-31259 | | | Bypass | 2022-05-21 | 2022-05-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). |
| 19 | CVE-2022-31258 | | | | 2022-05-20 | 2022-05-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. |
| 20 | CVE-2022-31245 | | | | 2022-05-20 | 2022-05-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. |
| 21 | CVE-2022-31215 | | | Bypass | 2022-05-20 | 2022-05-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. |
| 22 | CVE-2022-30994 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 |
| 23 | CVE-2022-30993 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
| 24 | CVE-2022-30992 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
| 25 | CVE-2022-30991 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
| 26 | CVE-2022-30990 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 |
| 27 | CVE-2022-30976 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. |
| 28 | CVE-2022-30975 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. |
| 29 | CVE-2022-30974 | | | | 2022-05-18 | 2022-05-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. |
| 30 | CVE-2022-30970 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 31 | CVE-2022-30968 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 32 | CVE-2022-30967 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 33 | CVE-2022-30966 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 34 | CVE-2022-30965 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 35 | CVE-2022-30964 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 36 | CVE-2022-30963 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 37 | CVE-2022-30962 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 38 | CVE-2022-30961 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 39 | CVE-2022-30960 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| 40 | CVE-2022-30957 | | | | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| 41 | CVE-2022-30956 | | | XSS | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. |
| 42 | CVE-2022-30955 | | | | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| 43 | CVE-2022-30954 | | | | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
| 44 | CVE-2022-30953 | | | CSRF | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. |
| 45 | CVE-2022-30952 | | | | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. |
| 46 | CVE-2022-30951 | | | | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. |
| 47 | CVE-2022-30950 | | | Exec Code Overflow | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. |
| 48 | CVE-2022-30949 | | | +Info | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| 49 | CVE-2022-30948 | | | +Info | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| 50 | CVE-2022-30947 | | | +Info | 2022-05-17 | 2022-05-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |