CVEs from 2022
Total: 5,236
- critical 92
- high 1,236
- medium 953
- low 24
% Critical: 1.8%
% with KEV: 2.5%
% with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34803 | unknown | — | — | 4y ago | Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability | |||
| CVE-2022-34811 | unknown | — | — | 4y ago | Missing Authorization in Jenkins XPath Configuration Viewer Plugin | |||
| CVE-2022-34815 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin | |||
| CVE-2022-34804 | unknown | — | — | 4y ago | Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information | |||
| CVE-2022-34808 | unknown | — | — | 4y ago | Token stored in plain text by Jenkins Cisco Spark Plugin | |||
| CVE-2022-34812 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin | |||
| CVE-2022-34814 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Request Rename Or Delete Plugin | |||
| CVE-2022-34813 | unknown | — | — | 4y ago | Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability | |||
| CVE-2022-34816 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins hpe-network-virtualization plugin | |||
| CVE-2022-34806 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Jigomerge Plugin | |||
| CVE-2022-34805 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Skype notifier Plugin | |||
| CVE-2022-34807 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin | |||
| CVE-2022-34809 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins RQM Plugin | |||
| CVE-2022-34817 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin | |||
| CVE-2022-34801 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin | |||
| CVE-2022-34797 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34780 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials | |||
| CVE-2022-34802 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-34777 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins GitLab Plugin | |||
| CVE-2022-34783 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Plot Plugin | |||
| CVE-2022-34784 | unknown | — | — | 4y ago | Cross site scripting in Jenkins build-metrics Plugin | |||
| CVE-2022-34799 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34800 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Build Notifications Plugin | |||
| CVE-2022-34794 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Recipe Plugin | |||
| CVE-2022-34786 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rich Text Publisher Plugin | |||
| CVE-2022-34792 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Recipe Plugin | |||
| CVE-2022-34791 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Validating Email Parameter Plugin | |||
| CVE-2022-34793 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins Recipe Plugin | |||
| CVE-2022-34782 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins requests-plugin | |||
| CVE-2022-34787 | unknown | — | — | 4y ago | Jenkins Project Inheritance Plugin vulnerable to cross site scripting | |||
| CVE-2022-34790 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin | |||
| CVE-2022-34789 | unknown | — | — | 4y ago | Jenkins Matrix Reloaded Plugin vulnerable to CSRF | |||
| CVE-2022-34778 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins TestNG Results Plugin | |||
| CVE-2022-34785 | unknown | — | — | 4y ago | Jenkins build-metrics Plugin Missing Authorization vulnerability | |||
| CVE-2022-34798 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34795 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34779 | unknown | — | — | 4y ago | Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs | |||
| CVE-2022-34796 | unknown | — | — | 4y ago | Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials | |||
| CVE-2022-32532 | unknown | — | — | 4y ago | Improper Authorization in Apache Shiro | |||
| CVE-2022-26477 | unknown | — | — | 4y ago | SystemDS CPU exhaustion vulnerability | |||
| CVE-2022-33879 | unknown | — | — | 4y ago | Apache Tika contains incomplete fix for regex DoS | |||
| CVE-2022-34208 | unknown | — | — | 4y ago | Jenkins Beaker builder Plugin Missing Authorization vulnerability | |||
| CVE-2022-34298 | unknown | — | — | 4y ago | NT auth module vulnerability in OpenAM | |||
| CVE-2022-34212 | unknown | — | — | 4y ago | Missing permission check in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34205 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin | |||
| CVE-2022-34305 | unknown | — | — | 4y ago | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data with… | |||
| CVE-2022-34207 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Beaker builder Plugin | |||
| CVE-2022-34213 | unknown | — | — | 4y ago | Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text | |||
| CVE-2022-34209 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins ThreadFix Plugin | |||
| CVE-2022-34210 | unknown | — | — | 4y ago | Missing permission check in Jenkins ThreadFix Plugin | |||
| CVE-2022-34198 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Stash Branch Parameter Plugin | |||
| CVE-2022-34211 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34197 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Sauce OnDemand Plugin | |||
| CVE-2022-34171 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34188 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Hidden Parameter Plugin | |||
| CVE-2022-34186 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin | |||
| CVE-2022-34201 | unknown | — | — | 4y ago | Missing permission check in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-34187 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Filesystem List Parameter Plugin | |||
| CVE-2022-34173 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34180 | unknown | — | — | 4y ago | Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement | |||
| CVE-2022-34174 | unknown | — | — | 4y ago | Observable timing discrepancy allows determining username validity in Jenkins | |||
| CVE-2022-34189 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Image Tag Parameter Plugin | |||
| CVE-2022-34192 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins ontrack Jenkins Plugin | |||
| CVE-2022-34172 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34183 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Agent Server Parameter Plugin | |||
| CVE-2022-34178 | unknown | — | — | 4y ago | Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-33113 | unknown | — | — | 4y ago | Cross-site Scripting in Jfinal CMS | |||
| CVE-2022-34206 | unknown | — | — | 4y ago | Jenkins Jianliao Notification Plugin Missing Authorization vulnerability | |||
| CVE-2022-34199 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-34184 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin | |||
| CVE-2022-34194 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Readonly Parameter Plugin | |||
| CVE-2022-34204 | unknown | — | — | 4y ago | Jenkins EasyQA Plugin Missing Authorization vulnerability | |||
| CVE-2022-34196 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins REST List Parameter Plugin | |||
| CVE-2022-34193 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Package Version Plugin | |||
| CVE-2022-34203 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins EasyQA Plugin | |||
| CVE-2022-34195 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Repository Connector Plugin | |||
| CVE-2022-34175 | unknown | — | — | 4y ago | Unauthorized view fragment access in Jenkins | |||
| CVE-2022-34170 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34202 | unknown | — | — | 4y ago | User passwords stored in plain text by Jenkins EasyQA Plugin | |||
| CVE-2022-34191 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin | |||
| CVE-2022-34190 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Maven Metadata Plugin | |||
| CVE-2022-34185 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Date Parameter Plugin | |||
| CVE-2022-34182 | unknown | — | — | 4y ago | Reflected Cross-site Scripting in Jenkins Nested View Plugin | |||
| CVE-2022-34181 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins xUnit Plugin | |||
| CVE-2022-34179 | unknown | — | — | 4y ago | Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-34177 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin | |||
| CVE-2022-34176 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins JUnit Plugin | |||
| CVE-2022-22980 | unknown | — | — | 4y ago | SpEL Injection in Spring Data MongoDB | |||
| CVE-2022-32549 | unknown | — | — | 4y ago | Log Injection in Apache Sling Commons Log and Apache Sling API | |||
| CVE-2022-22979 | unknown | — | — | 4y ago | Denial of Service in Spring Cloud Function | |||
| CVE-2022-31091 | unknown | — | — | 4y ago | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI wit… | |||
| CVE-2022-31090 | unknown | — | — | 4y ago | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` op… | |||
| CVE-2022-26850 | unknown | — | — | 4y ago | Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils | |||
| CVE-2022-31044 | unknown | — | — | 4y ago | Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 | |||
| CVE-2022-32210 | unknown | — | — | 4y ago | `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and i… | |||
| CVE-2022-31053 | unknown | — | — | 4y ago | Signature forgery in Biscuit | |||
| CVE-2022-33140 | unknown | — | — | 4y ago | Code injection in Apache NiFi and NiFi Registry | |||
| CVE-2022-25167 | unknown | — | — | 4y ago | Remote Code Execution in Apache Flume | |||
| CVE-2022-25845 | unknown | — | — | 4y ago | Unsafe deserialization in com.alibaba:fastjson | |||
| CVE-2022-31043 | unknown | — | — | 4y ago | Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds w… |