CVEs from 2022
Total
5,370
critical
critical 88
high
high 1,219
medium
medium 945
low
low 24
% Critical
1.6%
% with KEV
2.4%
% with exploit
3.3%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34797 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34799 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34786 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rich Text Publisher Plugin | |||
| CVE-2022-34796 | unknown | — | — | 4y ago | Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials | |||
| CVE-2022-34783 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Plot Plugin | |||
| CVE-2022-34791 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Validating Email Parameter Plugin | |||
| CVE-2022-34795 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34789 | unknown | — | — | 4y ago | Jenkins Matrix Reloaded Plugin vulnerable to CSRF | |||
| CVE-2022-34792 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Recipe Plugin | |||
| CVE-2022-34787 | unknown | — | — | 4y ago | Jenkins Project Inheritance Plugin vulnerable to cross site scripting | |||
| CVE-2022-34794 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Recipe Plugin | |||
| CVE-2022-34793 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins Recipe Plugin | |||
| CVE-2022-34782 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins requests-plugin | |||
| CVE-2022-34785 | unknown | — | — | 4y ago | Jenkins build-metrics Plugin Missing Authorization vulnerability | |||
| CVE-2022-34779 | unknown | — | — | 4y ago | Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs | |||
| CVE-2022-34801 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin | |||
| CVE-2022-34798 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34777 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins GitLab Plugin | |||
| CVE-2022-34780 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials | |||
| CVE-2022-32532 | unknown | — | — | 4y ago | Improper Authorization in Apache Shiro | |||
| CVE-2022-26477 | unknown | — | — | 4y ago | SystemDS CPU exhaustion vulnerability | |||
| CVE-2022-33879 | unknown | — | — | 4y ago | Apache Tika contains incomplete fix for regex DoS | |||
| CVE-2022-34207 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Beaker builder Plugin | |||
| CVE-2022-34205 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin | |||
| CVE-2022-34211 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34210 | unknown | — | — | 4y ago | Missing permission check in Jenkins ThreadFix Plugin | |||
| CVE-2022-34198 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Stash Branch Parameter Plugin | |||
| CVE-2022-34208 | unknown | — | — | 4y ago | Jenkins Beaker builder Plugin Missing Authorization vulnerability | |||
| CVE-2022-34298 | unknown | — | — | 4y ago | NT auth module vulnerability in OpenAM | |||
| CVE-2022-34209 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins ThreadFix Plugin | |||
| CVE-2022-34212 | unknown | — | — | 4y ago | Missing permission check in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34305 | unknown | — | — | 4y ago | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data with… | |||
| CVE-2022-34213 | unknown | — | — | 4y ago | Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text | |||
| CVE-2022-34174 | unknown | — | — | 4y ago | Observable timing discrepancy allows determining username validity in Jenkins | |||
| CVE-2022-34185 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Date Parameter Plugin | |||
| CVE-2022-33113 | unknown | — | — | 4y ago | Cross-site Scripting in Jfinal CMS | |||
| CVE-2022-34191 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin | |||
| CVE-2022-34176 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins JUnit Plugin | |||
| CVE-2022-34197 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Sauce OnDemand Plugin | |||
| CVE-2022-34188 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Hidden Parameter Plugin | |||
| CVE-2022-34171 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34178 | unknown | — | — | 4y ago | Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-34201 | unknown | — | — | 4y ago | Missing permission check in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-34186 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin | |||
| CVE-2022-34190 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Maven Metadata Plugin | |||
| CVE-2022-34199 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-34204 | unknown | — | — | 4y ago | Jenkins EasyQA Plugin Missing Authorization vulnerability | |||
| CVE-2022-34193 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Package Version Plugin | |||
| CVE-2022-34187 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Filesystem List Parameter Plugin | |||
| CVE-2022-34202 | unknown | — | — | 4y ago | User passwords stored in plain text by Jenkins EasyQA Plugin | |||
| CVE-2022-34194 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Readonly Parameter Plugin | |||
| CVE-2022-34182 | unknown | — | — | 4y ago | Reflected Cross-site Scripting in Jenkins Nested View Plugin | |||
| CVE-2022-34195 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Repository Connector Plugin | |||
| CVE-2022-34173 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34180 | unknown | — | — | 4y ago | Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement | |||
| CVE-2022-34192 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins ontrack Jenkins Plugin | |||
| CVE-2022-34196 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins REST List Parameter Plugin | |||
| CVE-2022-34170 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34179 | unknown | — | — | 4y ago | Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-34206 | unknown | — | — | 4y ago | Jenkins Jianliao Notification Plugin Missing Authorization vulnerability | |||
| CVE-2022-34172 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34184 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin | |||
| CVE-2022-34175 | unknown | — | — | 4y ago | Unauthorized view fragment access in Jenkins | |||
| CVE-2022-34181 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins xUnit Plugin | |||
| CVE-2022-34183 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Agent Server Parameter Plugin | |||
| CVE-2022-34189 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Image Tag Parameter Plugin | |||
| CVE-2022-34203 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins EasyQA Plugin | |||
| CVE-2022-34177 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin | |||
| CVE-2022-22980 | unknown | — | — | 4y ago | SpEL Injection in Spring Data MongoDB | |||
| CVE-2022-32549 | unknown | — | — | 4y ago | Log Injection in Apache Sling Commons Log and Apache Sling API | |||
| CVE-2022-22979 | unknown | — | — | 4y ago | Denial of Service in Spring Cloud Function | |||
| CVE-2022-26850 | unknown | — | — | 4y ago | Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils | |||
| CVE-2022-31044 | unknown | — | — | 4y ago | Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | |||
| CVE-2022-32210 | unknown | — | — | 4y ago | `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and i… | |||
| CVE-2022-31053 | unknown | — | — | 4y ago | Signature forgery in Biscuit | |||
| CVE-2022-33140 | unknown | — | — | 4y ago | Code injection in Apache NiFi and NiFi Registry | |||
| CVE-2022-25167 | unknown | — | — | 4y ago | Remote Code Execution in Apache Flume | |||
| CVE-2022-25845 | unknown | — | — | 4y ago | Unsafe deserialization in com.alibaba:fastjson | |||
| CVE-2022-24969 | unknown | — | — | 4y ago | Server-side request forgery in Apache Dubbo | |||
| CVE-2022-23712 | unknown | — | — | 4y ago | Improper Check for Unusual or Exceptional Conditions in Elasticsearch | |||
| CVE-2022-29631 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jodd HTTP | |||
| CVE-2022-29770 | unknown | — | — | 4y ago | Cross site scripting in XXL-job | |||
| CVE-2022-31023 | unknown | — | — | 4y ago | Dev error stack trace leaking into prod in Play Framework | |||
| CVE-2022-31018 | unknown | — | — | 4y ago | Denial of service binding form from JSON in Play Framework | |||
| CVE-2022-30506 | unknown | — | — | 4y ago | Code injection in MCMS | |||
| CVE-2022-29647 | unknown | — | — | 4y ago | Cross Site Request Forgery in Mingsoft MCMS | |||
| CVE-2022-29648 | unknown | — | — | 4y ago | Cross site scripting in Jfinal | |||
| CVE-2022-29258 | unknown | — | — | 4y ago | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | |||
| CVE-2022-29253 | unknown | — | — | 4y ago | Path Traversal in XWiki Platform | |||
| CVE-2022-30973 | unknown | — | — | 4y ago | Regular expression denial of service in apache tika | |||
| CVE-2022-23082 | unknown | — | — | 4y ago | Path traversal in CureKit | |||
| CVE-2022-30500 | unknown | — | — | 4y ago | SQL injection in jflyfox jfinal | |||
| CVE-2022-29405 | unknown | — | — | 4y ago | Missing Authorization in Apache Archiva | |||
| CVE-2022-29252 | unknown | — | — | 4y ago | Cross-site Scripting in wiki manager join wiki page | |||
| CVE-2022-29251 | unknown | — | — | 4y ago | Cross-site Scripting in the Flamingo theme manager | |||
| CVE-2022-29567 | unknown | — | — | 4y ago | Possible information disclosure inside TreeGrid component with default data provider | |||
| CVE-2022-29249 | unknown | — | — | 4y ago | Reversible One-Way Hash in io.github.javaezlib:JavaEZ | |||
| CVE-2022-29237 | unknown | — | — | 4y ago | Limited Authentication Bypass for Media Files | |||
| CVE-2022-1848 | unknown | — | — | 4y ago | Business Logic Errors in Para | |||
| CVE-2022-29173 | unknown | — | — | 4y ago | go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, … |