CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
Source: CVE-2022-2550
CVE-2022-36883
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
Source: CVE-2022-36883
CVE-2022-36884
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers with information about the existence of jobs configured to use an attacker-specified Git repository.
Source: CVE-2022-36884
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
Source: CVE-2022-36885
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Source: CVE-2022-36881
CVE-2022-34529
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.
Source: CVE-2022-34529
CVE-2022-34551
Sims v1.0 was discovered to allow path traversal when downloading attachments.
Source: CVE-2022-34551
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
Source: CVE-2022-23100
CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
Source: CVE-2022-23101
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
Source: CVE-2022-24406