The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-23227 | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. | -- | Jan 14, 2022 |
| CVE-2022-23222 | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | -- | Jan 14, 2022 |
| CVE-2022-23219 | The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | -- | Jan 14, 2022 |
| CVE-2022-23218 | The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | -- | Jan 14, 2022 |
| CVE-2022-23178 | An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. | -- | Jan 15, 2022 |
| CVE-2022-23134 | After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. | -- | Jan 13, 2022 |
| CVE-2022-23133 | An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. | -- | Jan 13, 2022 |
| CVE-2022-23132 | During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | -- | Jan 13, 2022 |
| CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). | -- | Jan 13, 2022 |
| CVE-2022-23118 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | -- | Jan 13, 2022 |
| CVE-2022-23117 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | -- | Jan 13, 2022 |
| CVE-2022-23116 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. | -- | Jan 13, 2022 |
| CVE-2022-23115 | Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. | -- | Jan 13, 2022 |
| CVE-2022-23114 | Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | -- | Jan 13, 2022 |
| CVE-2022-23113 | Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. | -- | Jan 13, 2022 |
| CVE-2022-23112 | A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | -- | Jan 13, 2022 |
| CVE-2022-23111 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | -- | Jan 13, 2022 |
| CVE-2022-23110 | Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | -- | Jan 13, 2022 |
| CVE-2022-23109 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. | -- | Jan 13, 2022 |
| CVE-2022-23108 | Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | -- | Jan 13, 2022 |
| CVE-2022-23107 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | -- | Jan 13, 2022 |
| CVE-2022-23106 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | -- | Jan 13, 2022 |
| CVE-2022-23105 | Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | -- | Jan 13, 2022 |
| CVE-2022-23095 | Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | -- | Jan 15, 2022 |
| CVE-2022-23094 | Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. | -- | Jan 16, 2022 |
| CVE-2022-22991 | A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. | -- | Jan 14, 2022 |
| CVE-2022-22990 | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | -- | Jan 14, 2022 |
| CVE-2022-22989 | My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues. | -- | Jan 14, 2022 |
| CVE-2022-22988 | File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | -- | Jan 14, 2022 |
| CVE-2022-22847 | Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | -- | Jan 10, 2022 |
| CVE-2022-22846 | The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. | -- | Jan 10, 2022 |
| CVE-2022-22845 | QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers\' installations. | -- | Jan 10, 2022 |
| CVE-2022-22844 | tiffset: Global-buffer-overflow in _TIFFmemcpy, tif_unix.c | -- | Jan 10, 2022 |
| CVE-2022-22836 | CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. | -- | Jan 10, 2022 |
| CVE-2022-22827 | lib: Prevent more integer overflows | MEDIUM | Jan 9, 2022 |
| CVE-2022-22826 | lib: Prevent integer overflow at multiple places | MEDIUM | Jan 9, 2022 |
| CVE-2022-22825 | lib: Prevent integer overflow at multiple places | MEDIUM | Jan 9, 2022 |
| CVE-2022-22824 | lib: Prevent integer overflow at multiple places | HIGH | Jan 9, 2022 |
| CVE-2022-22823 | lib: Prevent integer overflow at multiple places | HIGH | Jan 9, 2022 |
| CVE-2022-22822 | lib: Prevent more integer overflows | HIGH | Jan 9, 2022 |
| CVE-2022-22821 | NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. | -- | Jan 10, 2022 |
| CVE-2022-22817 | Restrict builtins for ImageMath.eval() | -- | Jan 9, 2022 |
| CVE-2022-22816 | Fixed ImagePath.Path array handling | -- | Jan 9, 2022 |
| CVE-2022-22815 | Fixed ImagePath.Path array handling | -- | Jan 9, 2022 |
| CVE-2022-22747 | Crash when handling empty pkcs7 sequence | -- | Jan 14, 2022 |
| CVE-2022-22707 | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash). | MEDIUM | Jan 6, 2022 |
| CVE-2022-22704 | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | HIGH | Jan 6, 2022 |
| CVE-2022-22702 | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | -- | Jan 10, 2022 |
| CVE-2022-22701 | PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the \'file://\' URI scheme, allowing an authenticated user to read local files. | -- | Jan 10, 2022 |
| CVE-2022-22531 | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. | -- | Jan 14, 2022 |
