PT-2022-5343 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint CE Software affected versions not specified Cisco RoomOS Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the software, including a command-lin...
CVE-2022-43418
A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2022-24752 · Unisoc (Shanghai) Technologies Co. +1 · Sc9863A/Sc9832E/Sc7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 +1
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The issue is related to a sensor driver, where a missing bounds check can cause an out of bounds write. This could potentially lead to a local denia...
PT-2022-5642 · Microsoft · Windows Tcp/Ip Driver +1
Name of the Vulnerable Software and Affected Versions: Windows TCP/IP Driver affected versions not specified Description: The issue is related to an uncontrolled consumption of resources in the Windows TCP/IP Driver, which can be exploited by a remote attacker to cause a denial of service. This c...
PT-2022-5444 · Microsoft · Windows Portable Device Enumerator Service +1
Name of the Vulnerable Software and Affected Versions: Windows Portable Device Enumerator Service affected versions not specified Description: The issue is related to the use of a hardcoded cryptographic key in the Windows Portable Device Enumerator Service. This could allow an attacker to bypass...
PT-2022-5426 · Microsoft · Windows Local Session Manager +1
Name of the Vulnerable Software and Affected Versions: Windows Local Session Manager affected versions not specified Description: The issue is related to insufficient input validation in the Windows Local Session Manager component of the Windows operating system. This can be exploited by a remote...
PT-2022-6017 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This issue is d...
PT-2022-37302 · Exiv2 · Exiv2
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a heap buffer overflow error. Technical details about the error include the crash type being a heap-buffer-overflow WRITE and the crash state involving functions such ...
PT-2022-23690 · Whatsapp · Whatsapp
Name of the Vulnerable Software and Affected Versions: WhatsApp affected versions not specified Description: An integer overflow in WhatsApp could result in remote code execution in an established video call. The issue affects WhatsApp mobile apps. Recommendations: At the moment, there is no...
CVE-2022-41245
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41254
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41227
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...
Jenkins Security Inspector Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...
PT-2022-25761 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
PT-2022-25321 · Seagate · Seagate
Name of the Vulnerable Software and Affected Versions: Seagate affected versions not specified Description: The issue involves exploiting a Seagate service to create a SYSTEM shell. This is related to local privilege escalation exploits. There is no information provided about the estimated number...
PT-2022-7604 · Apple +7 · Macos Ventura +13
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.2; tvOS versions prior to 16.2; macOS Ventura versions prior to 13.1; iOS versions prior to 16.2; iPadOS versions prior to 16.2; watchOS versions prior to 9.2; WebKitGTK affected versions not specified; WPE WebKit affecte...
walkerbooks.com.au Cross Site Scripting vulnerability OBB-2922918
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...