CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-31651 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
2 CVE-2022-31650 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
3 CVE-2022-31624 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
4 CVE-2022-31623 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
5 CVE-2022-31622 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
6 CVE-2022-31621 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
7 CVE-2022-31620 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.
8 CVE-2022-31489 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.
9 CVE-2022-31488 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.
10 CVE-2022-31487 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.
11 CVE-2022-31467 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.
12 CVE-2022-31466 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check.
13 CVE-2022-31268 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
14 CVE-2022-31267 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
15 CVE-2022-31264 Overflow 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
16 CVE-2022-31263 Bypass 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
17 CVE-2022-31261 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.
18 CVE-2022-31259 Bypass 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
19 CVE-2022-31258 2022-05-20 2022-05-21
0.0
None ??? ??? ??? ??? ??? ???
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
20 CVE-2022-31245 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.
21 CVE-2022-31215 Bypass 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
22 CVE-2022-30994 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
23 CVE-2022-30993 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
24 CVE-2022-30992 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
25 CVE-2022-30991 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
26 CVE-2022-30990 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
27 CVE-2022-30976 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
28 CVE-2022-30975 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
29 CVE-2022-30974 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
30 CVE-2022-30970 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
31 CVE-2022-30968 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
32 CVE-2022-30967 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
33 CVE-2022-30966 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
34 CVE-2022-30965 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
35 CVE-2022-30964 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
36 CVE-2022-30963 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
37 CVE-2022-30962 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
38 CVE-2022-30961 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
39 CVE-2022-30960 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
40 CVE-2022-30957 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
41 CVE-2022-30956 XSS 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
42 CVE-2022-30955 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
43 CVE-2022-30954 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
44 CVE-2022-30953 CSRF 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
45 CVE-2022-30952 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
46 CVE-2022-30951 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.
47 CVE-2022-30950 Exec Code Overflow 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
48 CVE-2022-30949 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
49 CVE-2022-30948 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
50 CVE-2022-30947 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.