933 matches found
PT-2022-5784 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SharePoint Server, which can be exploited by a remote attacker to execute arbitrary code. This can...
PT-2022-5632 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel. It allows an attacker to elevate privileges in the system. Recommendations: At the moment, there ...
PT-2022-11367 · Unknown · Ansible Tower
Name of the Vulnerable Software and Affected Versions: ansible-tower affected versions not specified Description: A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged use...
Improper Validation of Specified Quantity in Input in vim/vim
...
CVE-2022-30946
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
PT-2022-16001 · Jsonxx · Jsonxx
Name of the Vulnerable Software and Affected Versions: jsonxx affected versions not specified Description: The issue is related to the use of the Value class in jsonxx, which may lead to memory corruption via a double free or a use after free. This occurs because the Value class has a default...
PT-2022-19174 · Intel · Intel Standard Manageability +1
Name of the Vulnerable Software and Affected Versions: Intel(R) AMT and Intel(R) Standard Manageability affected versions not specified Description: The issue is related to improper access control in the firmware of Intel(R) AMT and Intel(R) Standard Manageability, which may allow an unauthenticated user...
CVE-2022-2845
CVE-2022-2845 (vim): Vim before 9.0.0218 is affected by a buffer over-read in vim/vim due to improper validation of input quantity. This can lead to a crash or memory corruption when opening crafted files. The issue is fixed in 9.0.0218 and later; update Vim to an affected product version >= 9...
PT-2022-22573 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: The issue is related to a segmentation violation in SWFTools, specifically via the FoFiTrueType::computeTableChecksum(unsigned char*, int) function at /xpdf/FoFiTrueType.cc. Recommendations: ...
PT-2022-4332 · Microsoft · Azure Site Recovery
Name of the Vulnerable Software and Affected Versions: Azure Site Recovery affected versions not specified Description: The issue is related to insufficient access restriction in the Azure Site Recovery emergency recovery tool for VMware to Azure, which could allow a remote attacker to elevate...
PT-2022-4306 · Microsoft · Azure Sphere
Name of the Vulnerable Software and Affected Versions: Azure Sphere affected versions not specified Description: The issue is related to a lack of protection for service data in the Azure Sphere operating system. Exploitation of this issue may allow an attacker to gain unauthorized access to...
PT-2022-4266 · Microsoft · Windows Bluetooth Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Bluetooth Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Bluetooth Driver, which can be exploited to elevate privileges. This can allow an attacker to affect the...
PT-2022-4113 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to insufficient access controls in Microsoft Exchange Server, allowing a remote attacker to elevate their privileges. This can impact the system,...
PT-2022-4161 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) affected versions not specified Description: The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no...
CVE-2022-36920
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-36906
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...