Published on 01 Nov 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-30123 |
CVE-2023-2564 | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-2564 |
CVE-2023-20198 | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-20198 |
CVE-2023-45146 | XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-45146 |
CVE-2022-42150 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-42150 |
CVE-2019-1003029 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003029 |
CVE-2019-1003030 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003030 |
CVE-2019-1003031 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003031 |
CVE-2019-1003032 | A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003032 |
CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003034 |
CVE-2019-10306 | A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10306 |
CVE-2019-10328 | Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10328 |
CVE-2019-10417 | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10417 |
CVE-2019-10418 | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10418 |
CVE-2019-10431 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10431 |
CVE-2019-10458 | Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10458 |
CVE-2019-16541 | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-16541 |
CVE-2020-2279 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-2279 |
CVE-2022-43401 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43401 |
CVE-2022-43402 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43402 |
CVE-2022-43403 | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43403 |
CVE-2022-43404 | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43404 |
CVE-2022-43405 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43405 |
CVE-2022-43406 | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43406 |
CVE-2022-36786 | DLINK - DSL-224 Post-auth RCE.\nDLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.\nIt is possible to inject a command through this interface that will run with ROOT permissions on the router.\n\n | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-36786 |
CVE-2023-25765 | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25765 |
CVE-2019-1003040 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003040 |
CVE-2019-1003041 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003041 |
CVE-2019-13990 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13990 |
CVE-2020-2299 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2299 |
CVE-2020-2300 | Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2300 |
CVE-2020-2301 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2301 |
CVE-2020-2320 | Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2320 |
CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-29583 |
CVE-2021-25281 | An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25281 |
CVE-2021-25283 | An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25283 |
CVE-2021-3148 | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3148 |
CVE-2021-3197 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3197 |
CVE-2021-21669 | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21669 |
CVE-2021-41116 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41116 |
CVE-2021-21690 | Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21690 |
CVE-2021-21691 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21691 |
CVE-2021-21692 | FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21692 |
CVE-2021-21693 | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21693 |
CVE-2021-21694 | FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21694 |
CVE-2021-21696 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21696 |
CVE-2022-23631 | superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23631 |
CVE-2022-29528 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29528 |
CVE-2022-28890 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28890 |
CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34132 |
CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32292 |
CVE-2022-41226 | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41226 |
CVE-2022-41237 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41237 |
CVE-2022-41238 | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41238 |
CVE-2022-40293 | \nThe application was vulnerable to a session fixation that could be used hijack accounts.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40293 |
CVE-2022-40296 | \nThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40296 |
CVE-2022-33321 | Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password).\nThe wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability.\nAs for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33321 |
CVE-2022-45395 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45395 |
CVE-2022-45396 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45396 |
CVE-2022-45397 | Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45397 |
CVE-2022-45400 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45400 |
CVE-2022-36784 | \nElsight – Elsight Halo Remote Code Execution (RCE)\nElsight Halo web panel allows us to perform connection validation.\nthrough the POST request :\n/api/v1/nics/wifi/wlan0/ping\nwe can abuse DESTINATION parameter and leverage it to remote code execution.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36784 |
CVE-2022-36787 | \nwebvendome - webvendome SQL Injection.\nSQL Injection in the Parameter " DocNumber"\nRequest :\nGet Request :\n/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36787 |
CVE-2022-39180 | \nCollege Management System v1.0 - SQL Injection (SQLi).\nBy inserting SQL commands to the username and password fields in the login.php page\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39180 |
CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4170 |
CVE-2022-4860 | A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4860 |
CVE-2019-25098 | A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The identifier of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25098 |
CVE-2018-25066 | A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25066 |
CVE-2018-25068 | A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25068 |
CVE-2018-25070 | A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25070 |
CVE-2018-25071 | A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25071 |
CVE-2022-4880 | A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4880 |
CVE-2021-4301 | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4301 |
CVE-2020-36648 | A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The identifier of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36648 |
CVE-2021-4308 | A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4308 |
CVE-2019-25100 | A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25100 |
CVE-2018-25072 | A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25072 |
CVE-2021-4311 | A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4311 |
CVE-2018-25076 | A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25076 |
CVE-2023-24429 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24429 |
CVE-2023-24430 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24430 |
CVE-2023-0558 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0558 |
CVE-2022-47002 | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47002 |
CVE-2019-25101 | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25101 |
CVE-2022-48328 | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48328 |
CVE-2021-4327 | A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4327 |
CVE-2021-4329 | A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4329 |
CVE-2023-1283 | Code Injection in GitHub repository builderio/qwik prior to 0.21.0.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1283 |
CVE-2018-25082 | A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25082 |
CVE-2023-1177 | Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1177 |
CVE-2023-28883 | In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28883 |
CVE-2023-1826 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1826 |
CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. \n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3824 |
CVE-2023-40254 | Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40254 |
CVE-2023-41361 | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41361 |
CVE-2023-34039 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34039 |
CVE-2023-31069 | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31069 |
CVE-2023-43654 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43654 |
CVE-2023-5399 | \n\n\n\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path\nTraversal') vulnerability exists that could cause tampering of files on the personal computer\nrunning C-Bus when using the File Command.\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5399 |
CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39323 |
CVE-2023-43119 | An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43119 |
CVE-2023-27132 | TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27132 |
CVE-2023-45952 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45952 |
CVE-2023-35084 | Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35084 |
CVE-2023-38545 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means "let the host resolve the name" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38545 |
CVE-2023-39332 | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39332 |
CVE-2023-46005 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46005 |
CVE-2023-46006 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46006 |
CVE-2023-46007 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46007 |
CVE-2023-5642 | Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5642 |
CVE-2023-45911 | An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45911 |
CVE-2023-4601 | A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4601 |
CVE-2023-37503 | HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37503 |
CVE-2023-45379 | In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45379 |
CVE-2023-45384 | KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45384 |
CVE-2023-35182 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35182 |
CVE-2023-35184 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35184 |
CVE-2023-35187 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35187 |
CVE-2023-46042 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46042 |
CVE-2022-47583 | Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47583 |
CVE-2023-43986 | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43986 |
CVE-2023-45381 | In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().` | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45381 |
CVE-2023-38584 | \n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38584 |
CVE-2023-43492 | \n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43492 |
CVE-2023-45376 | In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().` | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45376 |
CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30131 |
CVE-2023-34051 | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34051 |
CVE-2020-36706 | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36706 |
CVE-2023-39680 | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39680 |
CVE-2023-4402 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4402 |
CVE-2023-4488 | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4488 |
CVE-2023-5533 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5533 |
CVE-2023-37824 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37824 |
CVE-2023-5682 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5682 |
CVE-2023-32785 | In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32785 |
CVE-2023-45666 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45666 |
CVE-2023-5683 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5683 |
CVE-2023-5684 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5684 |
CVE-2023-46300 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46300 |
CVE-2023-46301 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46301 |
CVE-2023-5693 | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5693 |
CVE-2023-5700 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5700 |
CVE-2023-28805 | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28805 |
CVE-2022-22466 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22466 |
CVE-2023-27152 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27152 |
CVE-2023-37635 | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37635 |
CVE-2023-30912 | \nA remote code execution issue exists in HPE OneView.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30912 |
CVE-2023-31581 | Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31581 |
CVE-2023-34048 | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34048 |
CVE-2023-37283 | Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37283 |
CVE-2023-39930 | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39930 |
CVE-2023-44794 | An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44794 |
CVE-2023-45554 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45554 |
CVE-2023-46520 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46520 |
CVE-2023-46521 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46521 |
CVE-2023-46522 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46522 |
CVE-2023-46523 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46523 |
CVE-2023-46525 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46525 |
CVE-2023-46526 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46526 |
CVE-2023-46527 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46527 |
CVE-2023-46534 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46534 |
CVE-2023-46535 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46535 |
CVE-2023-46536 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46536 |
CVE-2023-46537 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46537 |
CVE-2023-46538 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46538 |
CVE-2023-46539 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46539 |
CVE-2023-46554 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46554 |
CVE-2023-46555 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46555 |
CVE-2023-46556 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46556 |
CVE-2023-46557 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46557 |
CVE-2023-46558 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46558 |
CVE-2023-46559 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46559 |
CVE-2023-46560 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46560 |
CVE-2023-46562 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46562 |
CVE-2023-46563 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46563 |
CVE-2023-46564 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46564 |
CVE-2023-46574 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46574 |
CVE-2023-5790 | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5790 |
CVE-2023-5792 | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5792 |
CVE-2023-46435 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46435 |
CVE-2023-44267 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44267 |
CVE-2023-46747 | \n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46747 |
CVE-2023-43737 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43737 |
CVE-2023-44268 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44268 |
CVE-2023-43738 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43738 |
CVE-2023-44162 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44162 |
CVE-2023-44375 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44375 |
CVE-2023-44376 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44376 |
CVE-2023-44377 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44377 |
CVE-2023-5807 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5807 |
CVE-2023-44480 | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44480 |
CVE-2023-46509 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46509 |
CVE-2023-46569 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46569 |
CVE-2023-46570 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46570 |
CVE-2022-37830 | Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-37830 |
CVE-2023-45992 | A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-45992 |
CVE-2023-41895 | Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `<link rel="redirect_uri" href="...">` HTML tags on the page. These URLs are not subjected to the same scheme validation and thus allow for arbitrary JavaScript execution on the Home Assistant administration page via usage of `javascript\:` scheme URIs. This Cross-site Scripting (XSS) vulnerability can be executed on the Home Assistant frontend domain, which may be used for a full takeover of the Home Assistant account and installation. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-41895 |
CVE-2023-41897 | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-41897 |
CVE-2023-37908 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-37908 |
CVE-2019-10309 | Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10309 |
CVE-2023-5576 | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5576 |
CVE-2019-1003015 | An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003015 |
CVE-2021-25282 | An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-25282 |
CVE-2021-3144 | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3144 |
CVE-2021-21658 | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21658 |
CVE-2021-21685 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21685 |
CVE-2021-21687 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21687 |
CVE-2021-21689 | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21689 |
CVE-2021-21697 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21697 |
CVE-2022-23096 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23096 |
CVE-2022-23097 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23097 |
CVE-2022-34181 | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34181 |
CVE-2022-41241 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41241 |
CVE-2023-41360 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41360 |
CVE-2023-45278 | Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45278 |
CVE-2023-26568 | Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26568 |
CVE-2023-26569 | Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26569 |
CVE-2023-26572 | Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26572 |
CVE-2023-26573 | Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26573 |
CVE-2023-26581 | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26581 |
CVE-2023-26582 | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26582 |
CVE-2023-26583 | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26583 |
CVE-2023-26584 | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26584 |
CVE-2023-27254 | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27254 |
CVE-2023-27255 | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27255 |
CVE-2023-27260 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27260 |
CVE-2023-27262 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27262 |
CVE-2021-45046 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2021-45046 |
CVE-2022-40287 | \nThe application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40287 |
CVE-2022-40288 | \nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40288 |
CVE-2022-40289 | \nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40289 |
CVE-2023-41896 | Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code’s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in the npm package home-assistant-js-websocket in version 8.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-41896 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2017-8625 | Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8625 |
CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003000 |
CVE-2019-1003001 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003001 |
CVE-2019-1003002 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003002 |
CVE-2019-1003005 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003005 |
CVE-2019-1003006 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003006 |
CVE-2019-1003007 | A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003007 |
CVE-2019-1003008 | A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003008 |
CVE-2019-1003016 | An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003016 |
CVE-2019-1003024 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003024 |
CVE-2019-1003025 | A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003025 |
CVE-2019-9199 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9199 |
CVE-2019-1003033 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003033 |
CVE-2019-1003039 | An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003039 |
CVE-2019-1003051 | Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003051 |
CVE-2019-1003052 | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003052 |
CVE-2019-1003053 | Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003053 |
CVE-2019-1003054 | Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003054 |
CVE-2019-1003055 | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003055 |
CVE-2019-1003056 | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003056 |
CVE-2019-1003057 | Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003057 |
CVE-2019-1003060 | Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003060 |
CVE-2019-1003061 | Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003061 |
CVE-2019-1003062 | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003062 |
CVE-2019-1003063 | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003063 |
CVE-2019-1003064 | Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003064 |
CVE-2019-1003065 | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003065 |
CVE-2019-1003066 | Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003066 |
CVE-2019-1003067 | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003067 |
CVE-2019-1003068 | Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003068 |
CVE-2019-1003069 | Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003069 |
CVE-2019-1003070 | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003070 |
CVE-2019-1003071 | Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003071 |
CVE-2019-1003072 | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003072 |
CVE-2019-1003073 | Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003073 |
CVE-2019-1003074 | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003074 |
CVE-2019-1003075 | Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003075 |
CVE-2019-10277 | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10277 |
CVE-2019-10280 | Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10280 |
CVE-2019-10281 | Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10281 |
CVE-2019-10282 | Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10282 |
CVE-2019-10283 | Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10283 |
CVE-2019-10284 | Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10284 |
CVE-2019-10285 | Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10285 |
CVE-2019-10286 | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10286 |
CVE-2019-10287 | Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10287 |
CVE-2019-10288 | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10288 |
CVE-2019-10291 | Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10291 |
CVE-2019-10294 | Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10294 |
CVE-2019-10295 | Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10295 |
CVE-2019-10296 | Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10296 |
CVE-2019-10297 | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10297 |
CVE-2019-10298 | Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10298 |
CVE-2019-10299 | Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10299 |
CVE-2019-10301 | A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10301 |
CVE-2019-10302 | Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10302 |
CVE-2019-10303 | Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10303 |
CVE-2019-10310 | A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10310 |
CVE-2019-10311 | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10311 |
CVE-2019-10313 | Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10313 |
CVE-2019-10315 | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10315 |
CVE-2019-10316 | Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10316 |
CVE-2019-10318 | Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10318 |
CVE-2019-10329 | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10329 |
CVE-2019-10338 | A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10338 |
CVE-2019-10339 | A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10339 |
CVE-2019-10340 | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10340 |
CVE-2019-10347 | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10347 |
CVE-2019-10348 | Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10348 |
CVE-2019-10350 | Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10350 |
CVE-2019-10351 | Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10351 |
CVE-2019-10355 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10355 |
CVE-2019-10356 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10356 |
CVE-2019-10368 | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10368 |
CVE-2019-10380 | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10380 |
CVE-2019-10386 | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10386 |
CVE-2019-10384 | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10384 |
CVE-2019-10390 | A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10390 |
CVE-2019-10392 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10392 |
CVE-2019-10437 | A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10437 |
CVE-2019-10440 | Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10440 |
CVE-2019-10443 | Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10443 |
CVE-2019-10448 | Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10448 |
CVE-2019-10449 | Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10449 |
CVE-2019-10464 | A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10464 |
CVE-2019-10468 | A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10468 |
CVE-2019-10471 | A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10471 |
CVE-2019-16538 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16538 |
CVE-2019-16544 | Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16544 |
CVE-2019-16548 | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16548 |
CVE-2019-16550 | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16550 |
CVE-2019-16551 | A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16551 |
CVE-2019-16553 | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16553 |
CVE-2019-16560 | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16560 |
CVE-2019-16565 | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16565 |
CVE-2019-16570 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16570 |
CVE-2019-16573 | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16573 |
CVE-2019-16575 | A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16575 |
CVE-2020-2090 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2090 |
CVE-2020-2092 | Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2092 |
CVE-2020-2093 | A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2093 |
CVE-2020-2097 | Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2097 |
CVE-2020-2098 | A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2098 |
CVE-2020-2109 | Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2109 |
CVE-2020-2110 | Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2110 |
CVE-2020-2115 | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2115 |
CVE-2020-2116 | A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2116 |
CVE-2020-2120 | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2120 |
CVE-2020-2121 | Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2121 |
CVE-2020-2123 | Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2123 |
CVE-2020-2134 | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2134 |
CVE-2020-2135 | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2135 |
CVE-2020-2158 | Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2158 |
CVE-2020-2159 | Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2159 |
CVE-2020-2160 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2160 |
CVE-2020-2166 | Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2166 |
CVE-2020-2167 | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2167 |
CVE-2020-2168 | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2168 |
CVE-2020-2171 | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2171 |
CVE-2020-2179 | Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2179 |
CVE-2020-2180 | Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2180 |
CVE-2020-2189 | Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2189 |
CVE-2020-2200 | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2200 |
CVE-2020-2211 | Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2211 |
CVE-2020-2228 | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2228 |
CVE-2020-2240 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2240 |
CVE-2020-2241 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2241 |
CVE-2020-2261 | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2261 |
CVE-2020-2268 | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2268 |
CVE-2020-2276 | Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2276 |
CVE-2020-2280 | A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2280 |
CVE-2020-2286 | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2286 |
CVE-2021-21617 | A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21617 |
CVE-2021-21627 | A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21627 |
CVE-2021-21629 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21629 |
CVE-2021-21633 | A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21633 |
CVE-2021-21638 | A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21638 |
CVE-2021-21646 | Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21646 |
CVE-2021-21657 | Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21657 |
CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30560 |
CVE-2021-21677 | Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21677 |
CVE-2021-21678 | Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21678 |
CVE-2021-21679 | Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21679 |
CVE-2021-21695 | FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21695 |
CVE-2022-20617 | Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20617 |
CVE-2022-23118 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23118 |
CVE-2022-25173 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25173 |
CVE-2022-25174 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25174 |
CVE-2022-25175 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25175 |
CVE-2022-25181 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25181 |
CVE-2022-25182 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25182 |
CVE-2022-25183 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25183 |
CVE-2022-25192 | A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25192 |
CVE-2022-25194 | A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25194 |
CVE-2022-25198 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25198 |
CVE-2022-25199 | A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25199 |
CVE-2022-25200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25200 |
CVE-2022-25205 | A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25205 |
CVE-2022-25206 | A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25206 |
CVE-2022-25207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25207 |
CVE-2022-25208 | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25208 |
CVE-2022-25209 | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25209 |
CVE-2022-25211 | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25211 |
CVE-2022-25212 | A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25212 |
CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27204 |
CVE-2022-26183 | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26183 |
CVE-2022-28136 | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28136 |
CVE-2022-28150 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28150 |
CVE-2022-22934 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22934 |
CVE-2022-22936 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22936 |
CVE-2022-22941 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22941 |
CVE-2022-29050 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29050 |
CVE-2022-30950 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30950 |
CVE-2022-30951 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30951 |
CVE-2022-30958 | A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30958 |
CVE-2022-30969 | A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30969 |
CVE-2022-30971 | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30971 |
CVE-2022-30972 | A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30972 |
CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29450 |
CVE-2022-22967 | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22967 |
CVE-2022-34200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34200 |
CVE-2022-34203 | A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34203 |
CVE-2022-34134 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34134 |
CVE-2022-34793 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34793 |
CVE-2022-30550 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30550 |
CVE-2022-36882 | A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36882 |
CVE-2022-36889 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36889 |
CVE-2022-36920 | A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36920 |
CVE-2022-41227 | A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41227 |
CVE-2022-41228 | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41228 |
CVE-2022-41234 | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41234 |
CVE-2022-41236 | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41236 |
CVE-2022-41245 | A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41245 |
CVE-2022-41249 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41249 |
CVE-2022-41253 | A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41253 |
CVE-2022-43407 | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43407 |
CVE-2022-43416 | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43416 |
CVE-2022-42344 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42344 |
CVE-2022-39016 | \nJavascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39016 |
CVE-2022-40291 | \nThe application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40291 |
CVE-2022-40294 | \nThe application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40294 |
CVE-2022-41775 | SQL Injection in \n\n\n\n\n\n\n\nHandler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41775 |
CVE-2022-43447 | SQL Injection in \n\n\n\n\n\n\n\n\n\nAM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43447 |
CVE-2022-43452 | SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\n\n\nFtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43452 |
CVE-2022-43457 | SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\nHandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43457 |
CVE-2022-43506 | SQL Injection in \n\n\n\nHandlerTag_KID.ashx\n\n\n\nin Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43506 |
CVE-2023-0052 | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0052 |
CVE-2023-24432 | A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24432 |
CVE-2023-24434 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24434 |
CVE-2023-0493 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0493 |
CVE-2023-0696 | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0696 |
CVE-2023-0698 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0698 |
CVE-2023-0699 | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0699 |
CVE-2023-0701 | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0701 |
CVE-2023-0702 | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0702 |
CVE-2023-0703 | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0703 |
CVE-2023-22935 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22935 |
CVE-2023-22939 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22939 |
CVE-2023-25767 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25767 |
CVE-2023-0903 | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0903 |
CVE-2022-46836 | PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46836 |
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0927 |
CVE-2023-0928 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0928 |
CVE-2023-1647 | Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1647 |
CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29842 |
CVE-2023-32707 | In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32707 |
CVE-2023-24018 | A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24018 |
CVE-2023-4352 | Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4352 |
CVE-2023-4429 | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4429 |
CVE-2023-4430 | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4430 |
CVE-2023-4572 | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4572 |
CVE-2023-4746 | A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4746 |
CVE-2023-4762 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4762 |
CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4585 |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5002 |
CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35074 |
CVE-2023-43192 | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43192 |
CVE-2023-2681 | An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2681 |
CVE-2023-45160 | \nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094 \n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. v9.0 Mac client release is still pending. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45160 |
CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43641 |
CVE-2023-38218 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38218 |
CVE-2023-43118 | Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43118 |
CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5626 |
CVE-2023-37502 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37502 |
CVE-2023-46229 | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46229 |
CVE-2022-25333 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25333 |
CVE-2022-25334 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25334 |
CVE-2022-26941 | A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26941 |
CVE-2022-26943 | The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26943 |
CVE-2023-35180 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35180 |
CVE-2023-35186 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35186 |
CVE-2023-41089 | \n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.\n\n\n\n\n\n\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41089 |
CVE-2023-42435 | \n\n\n\n\nThe affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.\n\n\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42435 |
CVE-2023-40145 | \n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40145 |
CVE-2023-44385 | The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44385 |
CVE-2020-36698 | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36698 |
CVE-2023-4920 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4920 |
CVE-2021-4334 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4334 |
CVE-2022-2441 | The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2441 |
CVE-2022-3342 | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3342 |
CVE-2022-4290 | The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4290 |
CVE-2023-4999 | The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4999 |
CVE-2023-5602 | The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5602 |
CVE-2023-23373 | An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23373 |
CVE-2023-5686 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5686 |
CVE-2023-5687 | Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5687 |
CVE-2023-5690 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5690 |
CVE-2023-46117 | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46117 |
CVE-2023-45664 | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45664 |
CVE-2023-38190 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38190 |
CVE-2023-38193 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38193 |
CVE-2023-46055 | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46055 |
CVE-2023-46067 | Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46067 |
CVE-2023-46078 | Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46078 |
CVE-2023-46085 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46085 |
CVE-2023-46089 | Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46089 |
CVE-2023-46095 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46095 |
CVE-2023-5246 | Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5246 |
CVE-2023-42295 | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42295 |
CVE-2023-33839 | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33839 |
CVE-2023-46602 | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46602 |
CVE-2022-38484 | An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38484 |
CVE-2023-26578 | Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26578 |
CVE-2023-37909 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37909 |
CVE-2023-37912 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37912 |
CVE-2023-5802 | Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5802 |
CVE-2023-46449 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46449 |
CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46748 |
CVE-2023-40129 | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40129 |
CVE-2020-2099 | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2099 |
CVE-2023-4571 | In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4571 |
CVE-2023-43345 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-43345 |
CVE-2022-30945 | Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30945 |
CVE-2023-22102 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22102 |
CVE-2019-10446 | Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10446 |
CVE-2019-16558 | Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-16558 |
CVE-2022-36899 | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36899 |
CVE-2022-36900 | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36900 |
CVE-2023-34441 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a cleartext transmission vulnerability which could allow an attacker to \n\nsteal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.\n\n | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-34441 |
CVE-2022-26942 | The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26942 |
CVE-2022-27813 | Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27813 |
CVE-2023-39732 | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39732 |
CVE-2023-39733 | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39733 |
CVE-2023-39734 | The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39734 |
CVE-2023-39735 | The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39735 |
CVE-2023-39736 | The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39736 |
CVE-2023-39737 | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39737 |
CVE-2023-39739 | The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39739 |
CVE-2023-39740 | The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39740 |
CVE-2019-1003011 | An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003011 |
CVE-2019-1003049 | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003049 |
CVE-2019-10327 | An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10327 |
CVE-2019-10462 | A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10462 |
CVE-2019-10466 | An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10466 |
CVE-2019-16549 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16549 |
CVE-2020-2091 | A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2091 |
CVE-2020-2321 | A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2321 |
CVE-2021-21642 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21642 |
CVE-2021-21659 | Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21659 |
CVE-2021-21686 | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21686 |
CVE-2021-43578 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43578 |
CVE-2022-23107 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23107 |
CVE-2022-28140 | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28140 |
CVE-2022-28154 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28154 |
CVE-2022-28155 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28155 |
CVE-2022-36881 | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36881 |
CVE-2022-36921 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36921 |
CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32293 |
CVE-2022-41243 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41243 |
CVE-2022-41244 | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41244 |
CVE-2022-3708 | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3708 |
CVE-2022-3979 | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3979 |
CVE-2022-45381 | Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45381 |
CVE-2023-4428 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4428 |
CVE-2023-4761 | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4761 |
CVE-2023-41915 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41915 |
CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
CVE-2023-44154 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44154 |
CVE-2023-5212 | The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5212 |
CVE-2023-5241 | The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5241 |
CVE-2022-24401 | Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24401 |
CVE-2023-27791 | An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27791 |
CVE-2020-36714 | The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36714 |
CVE-2023-4386 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4386 |
CVE-2023-45662 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45662 |
CVE-2023-37910 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37910 |
CVE-2019-10300 | A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10300 |
CVE-2020-2196 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2196 |
CVE-2021-21604 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21604 |
CVE-2021-21605 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21605 |
CVE-2021-21665 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21665 |
CVE-2022-27198 | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27198 |
CVE-2022-34792 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34792 |
CVE-2022-36916 | A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36916 |
CVE-2022-41232 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41232 |
CVE-2020-36650 | A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36650 |
CVE-2023-22934 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22934 |
CVE-2019-1003038 | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003038 |
CVE-2019-1003048 | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003048 |
CVE-2019-10453 | Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10453 |
CVE-2019-10460 | Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10460 |
CVE-2019-10461 | Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10461 |
CVE-2019-10476 | Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10476 |
CVE-2020-15862 | Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15862 |
CVE-2020-28243 | An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28243 |
CVE-2021-31607 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31607 |
CVE-2022-23220 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23220 |
CVE-2022-1215 | A format string vulnerability was found in libinput | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1215 |
CVE-2021-44862 | Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44862 |
CVE-2022-47909 | Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47909 |
CVE-2022-48321 | Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48321 |
CVE-2023-1646 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1646 |
CVE-2023-2241 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2241 |
CVE-2023-3111 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3111 |
CVE-2023-32434 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32434 |
CVE-2023-3090 | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3090 |
CVE-2023-3389 | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3389 |
CVE-2023-3609 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3609 |
CVE-2023-3611 | An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3611 |
CVE-2023-3776 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3776 |
CVE-2023-3997 | Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3997 |
CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004 |
CVE-2023-4128 | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4128 |
CVE-2023-4734 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4734 |
CVE-2023-4735 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4735 |
CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4736 |
CVE-2023-4738 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4738 |
CVE-2023-4751 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4751 |
CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4733 |
CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4750 |
CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4752 |
CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4781 |
CVE-2023-4623 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4623 |
CVE-2023-4921 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4921 |
CVE-2023-34319 | The fix for XSA-423 added logic to Linux'es netback driver to deal with\na frontend splitting a packet in a way such that not all of the headers\nwould come in one piece. Unfortunately the logic introduced there\ndidn't account for the extreme case of the entire packet being split\ninto as many pieces as permitted by the protocol, yet still being\nsmaller than the area that's specially dealt with to keep all (possible)\nheaders together. Such an unusual packet would therefore trigger a\nbuffer overrun in the driver.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34319 |
CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42753 |
CVE-2023-37605 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37605 |
CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42824 |
CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43896 |
CVE-2023-44824 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44824 |
CVE-2023-20598 | \n\n\nAn improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20598 |
CVE-2023-45811 | Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45811 |
CVE-2023-43250 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43250 |
CVE-2023-46009 | gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46009 |
CVE-2023-26300 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26300 |
CVE-2023-43802 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43802 |
CVE-2023-43800 | Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43800 |
CVE-2023-46228 | zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46228 |
CVE-2023-43252 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43252 |
CVE-2023-45883 | A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45883 |
CVE-2023-35181 | The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35181 |
CVE-2023-35183 | The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35183 |
CVE-2023-43251 | XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43251 |
CVE-2023-35126 | An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35126 |
CVE-2023-34366 | A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34366 |
CVE-2023-35986 | \nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35986 |
CVE-2023-38127 | An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38127 |
CVE-2023-38128 | An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38128 |
CVE-2023-39431 | \n\n\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39431 |
CVE-2023-5059 | \n\n\n\n\nSantesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5059 |
CVE-2023-27792 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27792 |
CVE-2023-27793 | An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27793 |
CVE-2023-27795 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27795 |
CVE-2023-30132 | An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30132 |
CVE-2023-41898 | Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41898 |
CVE-2023-34052 | VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34052 |
CVE-2023-46277 | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46277 |
CVE-2023-40361 | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40361 |
CVE-2023-5523 | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution \n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5523 |
CVE-2023-34045 | VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during \ninstallation for the first time (the user needs to drag or copy the \napplication to a folder from the '.dmg' volume) or when installing an \nupgrade. A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34045 |
CVE-2023-3487 | \nAn integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3487 |
CVE-2023-45805 | pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45805 |
CVE-2023-45675 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45675 |
CVE-2023-45676 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45676 |
CVE-2023-45677 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45677 |
CVE-2023-45678 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45678 |
CVE-2023-45679 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45679 |
CVE-2023-45681 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45681 |
CVE-2021-26735 | The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26735 |
CVE-2021-26736 | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26736 |
CVE-2021-26738 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26738 |
CVE-2023-28793 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28793 |
CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28795 |
CVE-2023-28796 | \nImproper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28796 |
CVE-2023-43066 | \nDell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43066 |
CVE-2023-46603 | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46603 |
CVE-2022-3699 | \nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3699 |
CVE-2023-3112 | A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3112 |
CVE-2023-45555 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45555 |
CVE-2023-40116 | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40116 |
CVE-2023-40117 | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40117 |
CVE-2023-40120 | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40120 |
CVE-2023-40125 | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40125 |
CVE-2023-40128 | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40128 |
CVE-2023-40130 | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40130 |
CVE-2023-46468 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46468 |
CVE-2020-2108 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2108 |
CVE-2019-1003043 | A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003043 |
CVE-2019-10330 | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10330 |
CVE-2019-10337 | An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10337 |
CVE-2019-10353 | CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10353 |
CVE-2019-10371 | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10371 |
CVE-2019-10381 | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10381 |
CVE-2019-10411 | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10411 |
CVE-2019-10412 | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10412 |
CVE-2019-10428 | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10428 |
CVE-2019-10434 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10434 |
CVE-2019-10435 | Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10435 |
CVE-2020-2114 | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2114 |
CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2165 |
CVE-2020-2232 | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2232 |
CVE-2020-25648 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25648 |
CVE-2020-2322 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2322 |
CVE-2020-2324 | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2324 |
CVE-2021-21671 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21671 |
CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21996 |
CVE-2021-21688 | The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21688 |
CVE-2021-21698 | Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21698 |
CVE-2021-4104 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4104 |
CVE-2022-23116 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23116 |
CVE-2022-23117 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23117 |
CVE-2022-23098 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23098 |
CVE-2022-0538 | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0538 |
CVE-2022-28142 | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28142 |
CVE-2022-29534 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29534 |
CVE-2022-30947 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30947 |
CVE-2022-30948 | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30948 |
CVE-2022-34174 | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34174 |
CVE-2022-34175 | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34175 |
CVE-2022-34177 | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34177 |
CVE-2022-34179 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34179 |
CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34180 |
CVE-2022-36883 | A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36883 |
CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40146 |
CVE-2022-43415 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43415 |
CVE-2022-43429 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43429 |
CVE-2022-43430 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43430 |
CVE-2022-39018 | \nBroken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39018 |
CVE-2022-39019 | \nBroken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39019 |
CVE-2022-3059 | \nThe application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3059 |
CVE-2022-38666 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38666 |
CVE-2022-45379 | Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45379 |
CVE-2022-45385 | A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45385 |
CVE-2022-45388 | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45388 |
CVE-2022-45391 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45391 |
CVE-2022-36785 | \nD-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.\n*Information Disclosure – \nfile contains a URL with private IP at line 15 "login.asp" A. The\nwindow.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ;\n"admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at \n\n*Authorization Bypass – \nURL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36785 |
CVE-2022-30122 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30122 |
CVE-2022-4869 | A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4869 |
CVE-2022-4879 | A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4879 |
CVE-2018-25074 | A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25074 |
CVE-2018-25079 | A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25079 |
CVE-2023-0705 | Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0705 |
CVE-2019-25102 | A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25102 |
CVE-2019-25103 | A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25103 |
CVE-2023-22941 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22941 |
CVE-2019-25104 | A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The identifier of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25104 |
CVE-2023-0053 | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0053 |
CVE-2023-27857 | \n In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\n\n\n\n in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\n\n\n\n \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27857 |
CVE-2023-31490 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31490 |
CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32067 |
CVE-2023-37307 | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37307 |
CVE-2023-3635 | GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 |
CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38403 |
CVE-2023-39533 | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39533 |
CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3823 |
CVE-2023-41358 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41358 |
CVE-2023-38802 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38802 |
CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20900 |
CVE-2023-41909 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41909 |
CVE-2023-20191 | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20191 |
CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43783 |
CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3223 |
CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43615 |
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
CVE-2023-4966 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. \n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4966 |
CVE-2020-27213 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27213 |
CVE-2023-36478 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to\nexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295\nwill overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36478 |
CVE-2023-39325 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
CVE-2023-43121 | A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43121 |
CVE-2023-45810 | OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45810 |
CVE-2023-5552 | A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5552 |
CVE-2023-38552 | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38552 |
CVE-2023-39331 | A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39331 |
CVE-2023-42319 | Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42319 |
CVE-2023-5632 | In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5632 |
CVE-2023-45727 | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45727 |
CVE-2023-45383 | In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45383 |
CVE-2023-30911 | HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30911 |
CVE-2023-45912 | WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45912 |
CVE-2023-35656 | In multiple functions of protocolembmsadapter.cpp, there is a possible out\n of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35656 |
CVE-2023-35663 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read\n due to a missing bounds check. This could lead to remote information\n disclosure with no additional execution privileges needed. User interaction\n is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35663 |
CVE-2023-45813 | Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45813 |
CVE-2023-45812 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is sent. When users send queries to the router that uses the `@defer` or Subscriptions, the Router will panic. To be vulnerable, users of Router must have a coprocessor with `coprocessor.supergraph.response` configured in their `router.yaml` and also to support either `@defer` or Subscriptions. Apollo Router version 1.33.0 has a fix for this vulnerability which was introduced in PR #4014. Users are advised to upgrade. Users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support and continue to use the coprocessor supergraph response. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45812 |
CVE-2023-34437 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34437 |
CVE-2023-5204 | The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5204 |
CVE-2022-24402 | The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24402 |
CVE-2022-24404 | Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24404 |
CVE-2023-46227 | \nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.\n\nThis issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \\t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8814 \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46227 |
CVE-2023-45277 | Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45277 |
CVE-2023-45823 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45823 |
CVE-2023-44690 | Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44690 |
CVE-2023-4668 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4668 |
CVE-2023-32786 | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32786 |
CVE-2023-45667 | stb_image is a single file MIT licensed library for processing images.\n\nIf `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45667 |
CVE-2023-5132 | The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5132 |
CVE-2023-38275 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38275 |
CVE-2023-38276 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38276 |
CVE-2023-46298 | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46298 |
CVE-2023-46303 | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46303 |
CVE-2023-46315 | The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46315 |
CVE-2023-46319 | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46319 |
CVE-2023-46324 | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46324 |
CVE-2023-31122 | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31122 |
CVE-2023-43074 | \nDell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43074 |
CVE-2023-43045 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43045 |
CVE-2023-33837 | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33837 |
CVE-2023-45966 | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45966 |
CVE-2023-33517 | carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33517 |
CVE-2023-26570 | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26570 |
CVE-2023-26571 | Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26571 |
CVE-2023-26574 | Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26574 |
CVE-2023-26575 | Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26575 |
CVE-2023-26576 | Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26576 |
CVE-2023-26580 | Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26580 |
CVE-2023-27257 | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27257 |
CVE-2023-27258 | Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27258 |
CVE-2023-27259 | Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27259 |
CVE-2023-27375 | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27375 |
CVE-2023-27376 | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27376 |
CVE-2023-27377 | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27377 |
CVE-2023-31582 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31582 |
CVE-2023-39219 | PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39219 |
CVE-2023-39619 | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39619 |
CVE-2023-5570 | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5570 |
CVE-2023-5443 | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5443 |
CVE-2019-1003009 | An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003009 |
CVE-2020-2146 | Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2146 |
CVE-2020-35662 | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-35662 |
CVE-2021-43809 | `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.\n\nTo exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside.\n\nThis vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43809 |
CVE-2022-36069 | Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36069 |
CVE-2023-36673 | An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36673 |
CVE-2023-5524 | Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\n\n via specific file types\n\n | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5524 |
CVE-2023-28797 | Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28797 |
CVE-2019-1003003 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003003 |
CVE-2019-1003004 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003004 |
CVE-2022-39179 | \nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-39179 |
CVE-2022-4871 | A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The patch is identified as dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-4871 |
CVE-2018-25067 | A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-25067 |
CVE-2023-2744 | The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2744 |
CVE-2023-25097 | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25097 |
CVE-2023-23842 | The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23842 |
CVE-2023-46004 | Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-46004 |
CVE-2023-35185 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-35185 |
CVE-2023-41899 | Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-41899 |
CVE-2023-5414 | The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5414 |
CVE-2023-5681 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5681 |
CVE-2023-20273 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20273 |
CVE-2019-1003044 | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003044 |
CVE-2019-16561 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16561 |
CVE-2020-2138 | Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2138 |
CVE-2020-2144 | Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2144 |
CVE-2020-2178 | Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2178 |
CVE-2020-2245 | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2245 |
CVE-2020-2284 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2284 |
CVE-2021-21652 | A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21652 |
CVE-2021-21655 | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21655 |
CVE-2021-21656 | Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21656 |
CVE-2021-21680 | Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21680 |
CVE-2021-43577 | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43577 |
CVE-2022-20619 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20619 |
CVE-2023-29030 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29030 |
CVE-2023-29031 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29031 |
CVE-2023-3141 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3141 |
CVE-2023-3268 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3268 |
CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
CVE-2022-44729 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-44729 |
CVE-2023-43803 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43803 |
CVE-2023-43801 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP DELETE request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43801 |
CVE-2023-45661 | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45661 |
CVE-2023-45682 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45682 |
CVE-2023-46122 | sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46122 |
CVE-2023-35823 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35823 |
CVE-2023-35824 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35824 |
CVE-2023-4244 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nDue to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4244 |
CVE-2023-4622 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4622 |
CVE-2023-20135 | A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20135 |
CVE-2023-34046 | VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) \nvulnerability that occurs during installation for the first time (the \nuser needs to drag or copy the application to a folder from the '.dmg' \nvolume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-34046 |
CVE-2023-38041 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38041 |
CVE-2023-40131 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-40131 |
CVE-2023-21400 | In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21400 |
CVE-2023-30562 | A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. \n\n\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-30562 |
CVE-2023-4273 | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4273 |
CVE-2023-43776 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-43776 |
CVE-2019-1003012 | A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003012 |
CVE-2019-1003022 | A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003022 |
CVE-2019-1003037 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003037 |
CVE-2019-1003045 | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003045 |
CVE-2019-1003046 | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003046 |
CVE-2019-1003047 | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003047 |
CVE-2019-1003058 | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003058 |
CVE-2019-1003059 | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003059 |
CVE-2019-1003076 | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003076 |
CVE-2019-1003077 | A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003077 |
CVE-2019-1003078 | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003078 |
CVE-2019-1003079 | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003079 |
CVE-2019-1003080 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003080 |
CVE-2019-1003081 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003081 |
CVE-2019-1003082 | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003082 |
CVE-2019-1003083 | A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003083 |
CVE-2019-1003084 | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003084 |
CVE-2019-1003085 | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003085 |
CVE-2019-1003086 | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003086 |
CVE-2019-1003087 | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003087 |
CVE-2019-1003088 | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003088 |
CVE-2019-1003089 | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003089 |
CVE-2019-1003090 | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003090 |
CVE-2019-1003091 | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003091 |
CVE-2019-1003092 | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003092 |
CVE-2019-1003093 | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003093 |
CVE-2019-1003094 | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003094 |
CVE-2019-1003095 | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003095 |
CVE-2019-1003096 | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003096 |
CVE-2019-1003097 | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003097 |
CVE-2019-1003098 | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003098 |
CVE-2019-1003099 | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003099 |
CVE-2019-10278 | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10278 |
CVE-2019-10279 | A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10279 |
CVE-2019-10289 | A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10289 |
CVE-2019-10290 | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10290 |
CVE-2019-10292 | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10292 |
CVE-2019-10293 | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10293 |
CVE-2019-10304 | A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10304 |
CVE-2019-10305 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10305 |
CVE-2019-10307 | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10307 |
CVE-2019-10308 | A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10308 |
CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10324 |
CVE-2019-10334 | Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10334 |
CVE-2019-10341 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10341 |
CVE-2019-10352 | A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10352 |
CVE-2019-10358 | Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10358 |
CVE-2019-10366 | Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10366 |
CVE-2019-10369 | A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10369 |
CVE-2019-10370 | Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10370 |
CVE-2019-10375 | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10375 |
CVE-2019-10379 | Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10379 |
CVE-2019-10382 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10382 |
CVE-2019-10385 | Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10385 |
CVE-2019-10387 | A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10387 |
CVE-2019-10391 | Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10391 |
CVE-2019-10407 | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10407 |
CVE-2019-10413 | Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10413 |
CVE-2019-10414 | Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10414 |
CVE-2019-10415 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10415 |
CVE-2019-10416 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10416 |
CVE-2019-10422 | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10422 |
CVE-2019-10425 | Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10425 |
CVE-2019-10436 | An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10436 |
CVE-2019-10438 | A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10438 |
CVE-2019-10444 | Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10444 |
CVE-2019-10459 | Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10459 |
CVE-2019-10463 | A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10463 |
CVE-2019-10467 | Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10467 |
CVE-2019-10469 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10469 |
CVE-2019-10470 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10470 |
CVE-2019-10472 | A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10472 |
CVE-2019-16539 | A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16539 |
CVE-2019-16540 | A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16540 |
CVE-2019-16542 | Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16542 |
CVE-2019-16545 | Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16545 |
CVE-2019-16555 | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16555 |
CVE-2019-16556 | Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16556 |
CVE-2019-16557 | Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16557 |
CVE-2019-16566 | A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16566 |
CVE-2019-16574 | A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16574 |
CVE-2019-16576 | A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16576 |
CVE-2020-2129 | Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2129 |
CVE-2020-2130 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2130 |
CVE-2020-2131 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2131 |
CVE-2020-2132 | Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2132 |
CVE-2020-2133 | Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2133 |
CVE-2020-2139 | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2139 |
CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2164 |
CVE-2020-2172 | Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2172 |
CVE-2020-2181 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2181 |
CVE-2020-2183 | Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2183 |
CVE-2020-2192 | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2192 |
CVE-2020-2198 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2198 |
CVE-2020-2233 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2233 |
CVE-2020-2234 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2234 |
CVE-2020-2235 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2235 |
CVE-2020-2242 | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2242 |
CVE-2020-2247 | Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2247 |
CVE-2020-2250 | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2250 |
CVE-2020-2254 | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2254 |
CVE-2020-2275 | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2275 |
CVE-2020-2277 | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2277 |
CVE-2020-2278 | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2278 |
CVE-2020-2293 | Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2293 |
CVE-2020-2294 | Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2294 |
CVE-2020-2295 | A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2295 |
CVE-2020-2298 | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2298 |
CVE-2020-2304 | Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2304 |
CVE-2020-2305 | Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2305 |
CVE-2020-2312 | Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2312 |
CVE-2020-2315 | Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2315 |
CVE-2020-2318 | Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2318 |
CVE-2020-2319 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2319 |
CVE-2021-21602 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21602 |
CVE-2021-21607 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21607 |
CVE-2021-21623 | An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21623 |
CVE-2021-21632 | A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21632 |
CVE-2021-21634 | Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21634 |
CVE-2021-21637 | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21637 |
CVE-2021-21643 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21643 |
CVE-2021-21664 | An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21664 |
CVE-2021-21675 | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21675 |
CVE-2021-21683 | The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21683 |
CVE-2021-21701 | Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21701 |
CVE-2021-43576 | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43576 |
CVE-2022-23105 | Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23105 |
CVE-2022-23109 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23109 |
CVE-2022-23112 | A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23112 |
CVE-2022-25176 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25176 |
CVE-2022-25177 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25177 |
CVE-2022-25178 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25178 |
CVE-2022-25179 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25179 |
CVE-2022-25184 | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25184 |
CVE-2022-25186 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25186 |
CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25187 |
CVE-2022-25193 | Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25193 |
CVE-2022-25197 | Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25197 |
CVE-2022-25201 | Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25201 |
CVE-2022-25210 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25210 |
CVE-2022-27201 | Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27201 |
CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27203 |
CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27206 |
CVE-2022-27208 | Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27208 |
CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27209 |
CVE-2022-27210 | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27210 |
CVE-2022-27211 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27211 |
CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27216 |
CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27217 |
CVE-2022-28135 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28135 |
CVE-2022-28141 | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28141 |
CVE-2022-28143 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28143 |
CVE-2022-28144 | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28144 |
CVE-2022-28146 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28146 |
CVE-2022-28148 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28148 |
CVE-2022-28156 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28156 |
CVE-2022-28157 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28157 |
CVE-2022-28158 | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28158 |
CVE-2022-28160 | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28160 |
CVE-2022-30952 | Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30952 |
CVE-2022-30953 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30953 |
CVE-2022-30954 | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30954 |
CVE-2022-30955 | Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30955 |
CVE-2022-30959 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30959 |
CVE-2022-34199 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34199 |
CVE-2022-34201 | A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34201 |
CVE-2022-34202 | Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34202 |
CVE-2022-34205 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34205 |
CVE-2022-34207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34207 |
CVE-2022-34209 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34209 |
CVE-2022-34210 | A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34210 |
CVE-2022-34211 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34211 |
CVE-2022-34213 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34213 |
CVE-2022-34779 | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34779 |
CVE-2022-34780 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34780 |
CVE-2022-34781 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34781 |
CVE-2022-34789 | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34789 |
CVE-2022-34794 | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34794 |
CVE-2022-34805 | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34805 |
CVE-2022-34806 | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34806 |
CVE-2022-34807 | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34807 |
CVE-2022-34809 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34809 |
CVE-2022-34810 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34810 |
CVE-2022-34816 | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34816 |
CVE-2022-36888 | A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36888 |
CVE-2022-36894 | An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36894 |
CVE-2022-36896 | A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36896 |
CVE-2022-36901 | Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36901 |
CVE-2022-36906 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36906 |
CVE-2022-36907 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36907 |
CVE-2022-36908 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36908 |
CVE-2022-36909 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36909 |
CVE-2022-36911 | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36911 |
CVE-2022-38663 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38663 |
CVE-2022-38665 | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38665 |
CVE-2022-41246 | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41246 |
CVE-2022-41250 | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41250 |
CVE-2022-41254 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41254 |
CVE-2022-41255 | Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41255 |
CVE-2022-43408 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43408 |
CVE-2022-43419 | Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43419 |
CVE-2022-45383 | An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45383 |
CVE-2022-45384 | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45384 |
CVE-2022-45392 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45392 |
CVE-2023-24433 | Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24433 |
CVE-2023-24435 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24435 |
CVE-2023-0697 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0697 |
CVE-2023-0700 | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0700 |
CVE-2023-0704 | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0704 |
CVE-2023-0003 | A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0003 |
CVE-2023-25768 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25768 |
CVE-2023-0004 | A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0004 |
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2307 |
CVE-2023-29024 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nA cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29024 |
CVE-2023-31147 | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31147 |
CVE-2023-2650 | Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2650 |
CVE-2023-3338 | A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3338 |
CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4527 |
CVE-2023-44249 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44249 |
CVE-2023-43777 | Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43777 |
CVE-2023-22059 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22059 |
CVE-2023-22079 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22079 |
CVE-2023-22095 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22095 |
CVE-2023-35083 | Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35083 |
CVE-2023-20261 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system.\r\n\r This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20261 |
CVE-2023-36857 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a replay vulnerability which could allow an attacker to \n\n\n\nreplay older captured packets of traffic to the device to gain access.\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36857 |
CVE-2023-37504 | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37504 |
CVE-2023-5336 | The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5336 |
CVE-2023-25753 | \nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 .\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25753 |
CVE-2023-31046 | A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31046 |
CVE-2023-5654 | The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5654 |
CVE-2023-41088 | \n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.\n\n\n\n\n\n\n\n\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41088 |
CVE-2023-45820 | Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45820 |
CVE-2023-45826 | Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45826 |
CVE-2023-4274 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4274 |
CVE-2023-4598 | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4598 |
CVE-2023-5070 | The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5070 |
CVE-2023-44256 | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44256 |
CVE-2023-44483 | All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44483 |
CVE-2023-38735 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38735 |
CVE-2021-46897 | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46897 |
CVE-2023-28803 | An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28803 |
CVE-2023-43067 | \nDell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43067 |
CVE-2022-38485 | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38485 |
CVE-2023-27261 | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27261 |
CVE-2023-37911 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37911 |
CVE-2023-39231 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39231 |
CVE-2023-43281 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43281 |
CVE-2023-31130 | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.\n | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31130 |
CVE-2019-10359 | A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10359 |
CVE-2023-36671 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36671 |
CVE-2023-45821 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. <https://artifacthub.io/> uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45821 |
CVE-2021-4335 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4335 |
CVE-2019-1003023 | A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003023 |
CVE-2019-10336 | A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10336 |
CVE-2019-10346 | A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10346 |
CVE-2019-10372 | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10372 |
CVE-2019-10376 | A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10376 |
CVE-2016-10893 | The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10893 |
CVE-2019-10475 | A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10475 |
CVE-2020-2096 | Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2096 |
CVE-2020-2140 | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2140 |
CVE-2020-2152 | Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2152 |
CVE-2020-2169 | A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2169 |
CVE-2020-2174 | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2174 |
CVE-2020-2199 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2199 |
CVE-2020-2206 | Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2206 |
CVE-2020-2207 | Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2207 |
CVE-2020-2217 | Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2217 |
CVE-2020-2248 | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2248 |
CVE-2021-21610 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21610 |
CVE-2021-21613 | Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21613 |
CVE-2021-21648 | Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21648 |
CVE-2021-21666 | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21666 |
CVE-2021-21673 | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21673 |
CVE-2021-21684 | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21684 |
CVE-2022-24227 | A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24227 |
CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25321 |
CVE-2022-29533 | An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29533 |
CVE-2022-34170 | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34170 |
CVE-2022-34171 | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34171 |
CVE-2022-34172 | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34172 |
CVE-2022-34173 | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34173 |
CVE-2022-34178 | Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34178 |
CVE-2022-34182 | Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34182 |
CVE-2022-34133 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34133 |
CVE-2022-36922 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36922 |
CVE-2022-2518 | The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2518 |
CVE-2022-39020 | \nMultiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39020 |
CVE-2022-40290 | \nThe application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40290 |
CVE-2022-33322 | Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-33322 |
CVE-2022-39181 | \nGLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).\nType 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in\nthe HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a\nvulnerable web application, which is then reflected back to the victim and executed by the web browser. The most\ncommon mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby\nan attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content\nback to the victim, the content is executed by the victim's browser. \n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39181 |
CVE-2022-47928 | In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47928 |
CVE-2022-4859 | A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4859 |
CVE-2019-25094 | A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The identifier of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25094 |
CVE-2022-4875 | A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4875 |
CVE-2022-4876 | A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4876 |
CVE-2019-25095 | A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25095 |
CVE-2019-25096 | A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The patch is named b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25096 |
CVE-2018-25064 | A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25064 |
CVE-2018-25065 | A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25065 |
CVE-2021-4309 | A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4309 |
CVE-2021-4310 | A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4310 |
CVE-2018-25073 | A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25073 |
CVE-2023-24070 | app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24070 |
CVE-2022-48118 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48118 |
CVE-2018-25080 | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25080 |
CVE-2023-0748 | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0748 |
CVE-2023-22932 | In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22932 |
CVE-2023-22933 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22933 |
CVE-2020-36663 | A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is named ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36663 |
CVE-2020-36665 | A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36665 |
CVE-2023-28884 | In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28884 |
CVE-2018-25084 | A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25084 |
CVE-2017-20183 | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-20183 |
CVE-2023-29023 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29023 |
CVE-2018-25086 | A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25086 |
CVE-2023-3134 | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3134 |
CVE-2023-4111 | A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4111 |
CVE-2023-38964 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38964 |
CVE-2023-3042 | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. \n\nThe oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 . \n\nTo mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.\n\nSpecifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. \n\nAdditionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.\n\nFix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3042 |
CVE-2023-5538 | The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5538 |
CVE-2023-25476 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin <= 4.68 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25476 |
CVE-2023-45054 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45054 |
CVE-2023-45062 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45062 |
CVE-2023-45064 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <= 0.3.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45064 |
CVE-2023-32087 | \nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32087 |
CVE-2023-32088 | \nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32088 |
CVE-2023-32089 | \nPega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32089 |
CVE-2023-45065 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45065 |
CVE-2023-45070 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45070 |
CVE-2023-45071 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45071 |
CVE-2023-30781 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30781 |
CVE-2023-45602 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45602 |
CVE-2023-45630 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45630 |
CVE-2023-45632 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45632 |
CVE-2023-45958 | Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45958 |
CVE-2023-45909 | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45909 |
CVE-2023-45281 | An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45281 |
CVE-2023-40153 | \nThe affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40153 |
CVE-2023-43341 | Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43341 |
CVE-2023-43875 | Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43875 |
CVE-2023-45818 | TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45818 |
CVE-2023-45819 | TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45819 |
CVE-2022-4712 | The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4712 |
CVE-2023-46287 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46287 |
CVE-2023-3933 | The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3933 |
CVE-2023-3962 | The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3962 |
CVE-2023-3965 | The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3965 |
CVE-2023-38191 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38191 |
CVE-2023-38192 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38192 |
CVE-2023-38194 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38194 |
CVE-2023-4635 | The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4635 |
CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46898 |
CVE-2023-5694 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5694 |
CVE-2023-5695 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5695 |
CVE-2023-5696 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5696 |
CVE-2023-5697 | A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5697 |
CVE-2023-5698 | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5698 |
CVE-2023-5699 | A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5699 |
CVE-2023-5701 | A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5701 |
CVE-2023-1356 | Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1356 |
CVE-2023-34446 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34446 |
CVE-2023-34447 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34447 |
CVE-2023-36085 | The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36085 |
CVE-2023-3010 | Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3010 |
CVE-2023-45634 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45634 |
CVE-2023-45637 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45637 |
CVE-2023-45750 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45750 |
CVE-2023-45756 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45756 |
CVE-2023-45761 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45761 |
CVE-2023-45769 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45769 |
CVE-2023-45770 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45770 |
CVE-2023-45772 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45772 |
CVE-2023-46074 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46074 |
CVE-2023-46076 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46076 |
CVE-2023-46077 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46077 |
CVE-2023-46081 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46081 |
CVE-2023-5791 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5791 |
CVE-2023-46208 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46208 |
CVE-2023-46209 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46209 |
CVE-2023-44484 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44484 |
CVE-2023-44485 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44485 |
CVE-2023-44486 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44486 |
CVE-2023-5306 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5306 |
CVE-2023-34044 | VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-34044 |
CVE-2019-1003019 | An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003019 |
CVE-2019-10314 | Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10314 |
CVE-2019-10317 | Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10317 |
CVE-2019-16546 | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-16546 |
CVE-2020-28972 | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-28972 |
CVE-2023-21967 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21967 |
CVE-2023-29025 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29025 |
CVE-2020-22217 | Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-22217 |
CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
CVE-2022-24400 | A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-24400 |
CVE-2023-31580 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-31580 |
CVE-2020-2100 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2100 |
CVE-2022-34212 | A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34212 |
CVE-2022-41231 | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-41231 |
CVE-2023-22940 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22940 |
CVE-2023-35838 | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35838 |
CVE-2023-36672 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36672 |
CVE-2020-2185 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2185 |
CVE-2020-2187 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2187 |
CVE-2019-10345 | Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10345 |
CVE-2019-10361 | Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10361 |
CVE-2019-10364 | Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10364 |
CVE-2019-10367 | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10367 |
CVE-2019-10398 | Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10398 |
CVE-2019-10419 | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10419 |
CVE-2019-10420 | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10420 |
CVE-2019-10423 | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10423 |
CVE-2019-10424 | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10424 |
CVE-2019-10426 | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10426 |
CVE-2019-10429 | Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10429 |
CVE-2019-10430 | Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10430 |
CVE-2019-16543 | Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16543 |
CVE-2019-16572 | Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16572 |
CVE-2020-2145 | Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2145 |
CVE-2020-2154 | Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2154 |
CVE-2020-2274 | Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2274 |
CVE-2020-2314 | Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2314 |
CVE-2021-21612 | Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21612 |
CVE-2021-21614 | Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21614 |
CVE-2021-21681 | Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21681 |
CVE-2022-20621 | Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20621 |
CVE-2022-0529 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0529 |
CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0530 |
CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27195 |
CVE-2022-45386 | Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45386 |
CVE-2023-1638 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1638 |
CVE-2023-1639 | A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1639 |
CVE-2023-1640 | A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1640 |
CVE-2023-1641 | A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1641 |
CVE-2023-1642 | A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1642 |
CVE-2023-1643 | A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1643 |
CVE-2023-1644 | A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1644 |
CVE-2023-1645 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1645 |
CVE-2023-21929 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21929 |
CVE-2023-30774 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30774 |
CVE-2023-4132 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4132 |
CVE-2023-4194 | A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4194 |
CVE-2023-32611 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32611 |
CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4753 |
CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43782 |
CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43898 |
CVE-2023-45825 | ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf("something went wrong (credentials: %q)", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) information and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in your custom credentials type with explicit stringify of object state. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45825 |
CVE-2023-46115 | Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46115 |
CVE-2023-45663 | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45663 |
CVE-2023-45680 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45680 |
CVE-2021-26734 | Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.\n\n\n\n\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26734 |
CVE-2023-46332 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46332 |
CVE-2023-46331 | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46331 |
CVE-2023-40121 | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40121 |
CVE-2023-40123 | In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40123 |
CVE-2023-40133 | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40133 |
CVE-2023-44323 | Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44323 |
CVE-2019-1003013 | An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003013 |
CVE-2019-1003042 | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003042 |
CVE-2019-1003050 | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003050 |
CVE-2019-10325 | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10325 |
CVE-2019-10335 | A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10335 |
CVE-2019-10349 | A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10349 |
CVE-2019-10360 | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10360 |
CVE-2019-10362 | Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10362 |
CVE-2019-10373 | A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10373 |
CVE-2019-10374 | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10374 |
CVE-2019-10395 | Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10395 |
CVE-2019-10396 | Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10396 |
CVE-2019-10401 | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10401 |
CVE-2019-10402 | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10402 |
CVE-2019-10403 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10403 |
CVE-2019-10404 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10404 |
CVE-2019-10405 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10405 |
CVE-2019-10410 | Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10410 |
CVE-2019-10432 | Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10432 |
CVE-2019-16552 | A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16552 |
CVE-2019-16559 | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16559 |
CVE-2019-16562 | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16562 |
CVE-2019-16563 | Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16563 |
CVE-2019-16564 | Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16564 |
CVE-2020-2103 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2103 |
CVE-2020-2105 | REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2105 |
CVE-2020-2106 | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2106 |
CVE-2020-2111 | Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2111 |
CVE-2020-2112 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2112 |
CVE-2020-2113 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2113 |
CVE-2020-2122 | Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2122 |
CVE-2020-2136 | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2136 |
CVE-2020-2161 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2161 |
CVE-2020-2162 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2162 |
CVE-2020-2163 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2163 |
CVE-2020-2170 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2170 |
CVE-2020-2173 | Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2173 |
CVE-2020-2175 | Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2175 |
CVE-2020-2176 | Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2176 |
CVE-2020-2190 | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2190 |
CVE-2020-2193 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2193 |
CVE-2020-2194 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2194 |
CVE-2020-2195 | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2195 |
CVE-2020-2201 | Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2201 |
CVE-2020-2204 | A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2204 |
CVE-2020-2214 | Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2214 |
CVE-2020-2219 | Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2219 |
CVE-2020-2220 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2220 |
CVE-2020-2221 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2221 |
CVE-2020-2222 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2222 |
CVE-2020-2223 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2223 |
CVE-2020-2224 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2224 |
CVE-2020-2225 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2225 |
CVE-2020-2226 | Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2226 |
CVE-2020-2227 | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2227 |
CVE-2020-2229 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2229 |
CVE-2020-2230 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2230 |
CVE-2020-2231 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2231 |
CVE-2020-2236 | Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2236 |
CVE-2020-2238 | Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2238 |
CVE-2020-2243 | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2243 |
CVE-2020-2244 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2244 |
CVE-2020-2246 | Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2246 |
CVE-2020-2256 | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2256 |
CVE-2020-2257 | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2257 |
CVE-2020-2259 | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2259 |
CVE-2020-2262 | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2262 |
CVE-2020-2263 | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2263 |
CVE-2020-2264 | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2264 |
CVE-2020-2265 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2265 |
CVE-2020-2266 | Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2266 |
CVE-2020-2269 | Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2269 |
CVE-2020-2270 | Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2270 |
CVE-2020-2271 | Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2271 |
CVE-2020-2281 | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2281 |
CVE-2020-2283 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2283 |
CVE-2020-2289 | Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2289 |
CVE-2020-2290 | Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2290 |
CVE-2020-2292 | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2292 |
CVE-2020-2316 | Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2316 |
CVE-2020-2317 | Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2317 |
CVE-2021-21603 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21603 |
CVE-2021-21608 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21608 |
CVE-2021-21611 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21611 |
CVE-2021-21618 | Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21618 |
CVE-2021-21619 | Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21619 |
CVE-2021-21622 | Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21622 |
CVE-2021-21628 | Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21628 |
CVE-2021-21630 | Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21630 |
CVE-2021-21635 | Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21635 |
CVE-2021-21644 | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21644 |
CVE-2021-21649 | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21649 |
CVE-2021-21660 | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21660 |
CVE-2021-21667 | Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21667 |
CVE-2021-21668 | Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21668 |
CVE-2021-21699 | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21699 |
CVE-2021-21700 | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21700 |
CVE-2022-20615 | Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20615 |
CVE-2022-23108 | Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23108 |
CVE-2022-23115 | Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23115 |
CVE-2022-25185 | Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25185 |
CVE-2022-25189 | Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25189 |
CVE-2022-25191 | Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25191 |
CVE-2022-25196 | Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25196 |
CVE-2022-25203 | Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25203 |
CVE-2022-25204 | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25204 |
CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27196 |
CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27197 |
CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27202 |
CVE-2022-27212 | Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27212 |
CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27213 |
CVE-2022-28133 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28133 |
CVE-2022-28134 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28134 |
CVE-2022-28145 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28145 |
CVE-2022-28149 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28149 |
CVE-2022-28153 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28153 |
CVE-2022-28159 | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28159 |
CVE-2022-29036 | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29036 |
CVE-2022-29037 | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29037 |
CVE-2022-29038 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29038 |
CVE-2022-29039 | Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29039 |
CVE-2022-29040 | Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29040 |
CVE-2022-29041 | Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29041 |
CVE-2022-29042 | Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29042 |
CVE-2022-29043 | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29043 |
CVE-2022-29044 | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29044 |
CVE-2022-29045 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29045 |
CVE-2022-29046 | Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29046 |
CVE-2022-29049 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29049 |
CVE-2022-29529 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29529 |
CVE-2022-29530 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29530 |
CVE-2022-29531 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29531 |
CVE-2022-30956 | Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30956 |
CVE-2022-30960 | Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30960 |
CVE-2022-30961 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30961 |
CVE-2022-30962 | Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30962 |
CVE-2022-30963 | Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30963 |
CVE-2022-30964 | Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30964 |
CVE-2022-30965 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30965 |
CVE-2022-30966 | Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30966 |
CVE-2022-30967 | Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30967 |
CVE-2022-30968 | Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30968 |
CVE-2022-30970 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30970 |
CVE-2022-34176 | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34176 |
CVE-2022-34183 | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34183 |
CVE-2022-34184 | Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34184 |
CVE-2022-34185 | Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34185 |
CVE-2022-34186 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34186 |
CVE-2022-34187 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34187 |
CVE-2022-34188 | Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34188 |
CVE-2022-34189 | Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34189 |
CVE-2022-34190 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34190 |
CVE-2022-34191 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34191 |
CVE-2022-34192 | Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34192 |
CVE-2022-34193 | Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34193 |
CVE-2022-34194 | Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34194 |
CVE-2022-34195 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34195 |
CVE-2022-34196 | Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34196 |
CVE-2022-34197 | Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34197 |
CVE-2022-34198 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34198 |
CVE-2022-34777 | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34777 |
CVE-2022-34778 | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34778 |
CVE-2022-34783 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34783 |
CVE-2022-34784 | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34784 |
CVE-2022-34786 | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34786 |
CVE-2022-34787 | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34787 |
CVE-2022-34788 | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34788 |
CVE-2022-34790 | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34790 |
CVE-2022-34791 | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34791 |
CVE-2022-34795 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34795 |
CVE-2022-36902 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36902 |
CVE-2022-36905 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36905 |
CVE-2022-36910 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36910 |
CVE-2022-38664 | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-38664 |
CVE-2022-41224 | Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41224 |
CVE-2022-41225 | Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41225 |
CVE-2022-41229 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41229 |
CVE-2022-41239 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41239 |
CVE-2022-41240 | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41240 |
CVE-2022-41242 | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41242 |
CVE-2022-43409 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43409 |
CVE-2022-43420 | Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43420 |
CVE-2022-43425 | Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43425 |
CVE-2022-39017 | \n\n\nImproper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-39017 |
CVE-2022-45380 | Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45380 |
CVE-2022-45382 | Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45382 |
CVE-2022-45387 | Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45387 |
CVE-2022-45401 | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45401 |
CVE-2023-0028 | Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0028 |
CVE-2019-25093 | A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-25093 |
CVE-2022-4881 | A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The patch is identified as 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4881 |
CVE-2023-25761 | Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25761 |
CVE-2023-25762 | Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25762 |
CVE-2023-25763 | Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25763 |
CVE-2023-25764 | Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25764 |
CVE-2023-0879 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0879 |
CVE-2023-0377 | The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0377 |
CVE-2023-2718 | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2718 |
CVE-2023-3575 | The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3575 |
CVE-2023-43191 | SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43191 |
CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43872 |
CVE-2023-5496 | A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5496 |
CVE-2023-22082 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22082 |
CVE-2023-45049 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45049 |
CVE-2023-45059 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45059 |
CVE-2023-31217 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31217 |
CVE-2023-45067 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45067 |
CVE-2023-45608 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <= 2.3.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45608 |
CVE-2023-45607 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45607 |
CVE-2023-45628 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in QROkes QR Twitter Widget plugin <= 0.2.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45628 |
CVE-2023-5631 | \nRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker\n\nto load arbitrary JavaScript code.\n\n\n\n\n\n\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5631 |
CVE-2023-5638 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5638 |
CVE-2023-5639 | The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5639 |
CVE-2023-43342 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43342 |
CVE-2023-43344 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43344 |
CVE-2023-43359 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43359 |
CVE-2023-45279 | Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45279 |
CVE-2023-45280 | Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45280 |
CVE-2023-45815 | ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45815 |
CVE-2023-41893 | Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41893 |
CVE-2023-45394 | Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45394 |
CVE-2023-45471 | The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45471 |
CVE-2023-5613 | The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5613 |
CVE-2023-5614 | The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5614 |
CVE-2023-5668 | The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5668 |
CVE-2023-2325 | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2325 |
CVE-2023-4482 | The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4482 |
CVE-2023-4919 | The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4919 |
CVE-2023-5050 | The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5050 |
CVE-2023-5071 | The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5071 |
CVE-2023-5200 | The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5200 |
CVE-2023-5308 | The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5308 |
CVE-2023-4961 | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4961 |
CVE-2023-5086 | The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5086 |
CVE-2023-5109 | The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5109 |
CVE-2023-5231 | The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5231 |
CVE-2023-5292 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5292 |
CVE-2023-5337 | The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5337 |
CVE-2023-5534 | The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5534 |
CVE-2023-5615 | The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5615 |
CVE-2023-5618 | The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5618 |
CVE-2023-5688 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5688 |
CVE-2023-5689 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5689 |
CVE-2023-43353 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43353 |
CVE-2023-43354 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43354 |
CVE-2023-43355 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43355 |
CVE-2023-43356 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43356 |
CVE-2023-43357 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43357 |
CVE-2023-43346 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43346 |
CVE-2023-46003 | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46003 |
CVE-2023-46054 | Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46054 |
CVE-2023-5205 | The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5205 |
CVE-2023-43065 | \nDell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43065 |
CVE-2023-46127 | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46127 |
CVE-2023-38722 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-38722 |
CVE-2023-37636 | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-37636 |
CVE-2023-43358 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43358 |
CVE-2023-44760 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44760 |
CVE-2023-45998 | kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45998 |
CVE-2023-26577 | Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26577 |
CVE-2023-43360 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43360 |
CVE-2023-45646 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45646 |
CVE-2023-45829 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45829 |
CVE-2023-30492 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30492 |
CVE-2023-46450 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46450 |
CVE-2023-46211 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46211 |
CVE-2019-1003017 | A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003017 |
CVE-2019-10378 | Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10378 |
CVE-2019-10427 | Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10427 |
CVE-2019-16568 | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16568 |
CVE-2020-2101 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2101 |
CVE-2020-2102 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2102 |
CVE-2020-2119 | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2119 |
CVE-2020-2143 | Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2143 |
CVE-2020-2149 | Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2149 |
CVE-2020-2150 | Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2150 |
CVE-2020-2151 | Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2151 |
CVE-2020-2155 | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2155 |
CVE-2020-2287 | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2287 |
CVE-2020-2288 | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2288 |
CVE-2020-2323 | Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2323 |
CVE-2021-21609 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21609 |
CVE-2021-21615 | Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21615 |
CVE-2021-21621 | Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21621 |
CVE-2022-23106 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23106 |
CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25319 |
CVE-2022-25320 | An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25320 |
CVE-2022-29047 | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29047 |
CVE-2022-30949 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30949 |
CVE-2022-36884 | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36884 |
CVE-2022-36885 | Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36885 |
CVE-2022-2461 | The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2461 |
CVE-2022-41235 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41235 |
CVE-2022-41248 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41248 |
CVE-2022-38398 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38398 |
CVE-2022-38648 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38648 |
CVE-2022-43410 | Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43410 |
CVE-2022-43411 | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43411 |
CVE-2022-43412 | Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43412 |
CVE-2022-43414 | Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43414 |
CVE-2022-43421 | A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43421 |
CVE-2022-43422 | Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43422 |
CVE-2022-43423 | Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43423 |
CVE-2022-43424 | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43424 |
CVE-2022-43426 | Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43426 |
CVE-2022-43428 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43428 |
CVE-2022-43434 | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43434 |
CVE-2022-43435 | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43435 |
CVE-2022-40292 | \nThe application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-40292 |
CVE-2022-45389 | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45389 |
CVE-2022-39178 | \nWebvendome - webvendome Internal Server IP Disclosure.\nSend GET Request to the request which is shown in the picture.\nInternal Server IP and Full path disclosure. \n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39178 |
CVE-2022-43557 | The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43557 |
CVE-2019-25099 | A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-25099 |
CVE-2020-36647 | A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36647 |
CVE-2023-22943 | In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22943 |
CVE-2023-32675 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32675 |
CVE-2023-2541 | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2541 |
CVE-2023-3817 | Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the "-check" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3817 |
CVE-2023-20190 | A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20190 |
CVE-2023-41295 | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41295 |
CVE-2023-44188 | \nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nNote: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44188 |
CVE-2023-22067 | Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22067 |
CVE-2023-22081 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22081 |
CVE-2023-45814 | Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's `AuthenticationService` only supported injecting `IUser`s. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting `IToken`s into endpoints was added. All was well until 4.0. Bunkum 4.0 then changed to enforce relations between `IToken`s and `IUser`s. This wasn't implemented in a very good way in the `AuthenticationService`, and ended up breaking caching in such a way that cached tokens would persist after the lifetime of the request - since we tried to cache both tokens and users. From that point until now, from what I understand, Bunkum was attempting to use that cached token at the start of the next request once cached. Naturally, when that token expired, downstream projects like Refresh would remove the object from Realm - and cause the object in the cache to be in a detached state, causing an exception from invalid use of `IToken.User`. So in other words, a use-after-free since Realm can't manage the lifetime of the cached token. Security-wise, the scope is fairly limited, can only be pulled off on a couple endpoints given a few conditions, and you can't guarantee which token you're going to get. Also, the token *would* get invalidated properly if the endpoint had either a `IToken` usage or a `IUser` usage. The fix is to just wipe the token cache after the request was handled, which is now in `4.2.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45814 |
CVE-2023-4645 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4645 |
CVE-2023-5254 | The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5254 |
CVE-2023-42666 | \n\n\n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used.\n\n\n\n\n\n\n\n\n\n\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42666 |
CVE-2023-30633 | An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30633 |
CVE-2023-45822 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45822 |
CVE-2023-39731 | The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39731 |
CVE-2023-41894 | Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41894 |
CVE-2021-4353 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4353 |
CVE-2022-4943 | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4943 |
CVE-2023-3869 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3869 |
CVE-2023-3998 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3998 |
CVE-2023-4939 | The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4939 |
CVE-2023-28804 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28804 |
CVE-2023-26579 | Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26579 |
CVE-2023-27256 | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27256 |
CVE-2023-41339 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41339 |
CVE-2023-41721 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.\n\nAffected Products:\nUDM\nUDM-PRO\nUDM-SE\nUDR\nUDW\n \nMitigation:\nUpdate UniFi Network to Version 7.5.187 or later.\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41721 |
CVE-2023-43340 | Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-43340 |
CVE-2019-10363 | Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10363 |
CVE-2022-2943 | The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-2943 |
CVE-2022-40295 | \nThe application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.\n\n | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40295 |
CVE-2023-21920 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21920 |
CVE-2023-21933 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21933 |
CVE-2023-21935 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21935 |
CVE-2023-21945 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21945 |
CVE-2023-21955 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21955 |
CVE-2023-21962 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21962 |
CVE-2023-22008 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22008 |
CVE-2023-22046 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22046 |
CVE-2023-26141 | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-26141 |
CVE-2023-45129 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-45129 |
CVE-2023-22015 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22015 |
CVE-2023-22026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22026 |
CVE-2023-22028 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22028 |
CVE-2023-22032 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22032 |
CVE-2023-22064 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22064 |
CVE-2023-22065 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22065 |
CVE-2023-22066 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22066 |
CVE-2023-22068 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22068 |
CVE-2023-22070 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22070 |
CVE-2023-22078 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22078 |
CVE-2023-22084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22084 |
CVE-2023-22092 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22092 |
CVE-2023-22097 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22097 |
CVE-2023-22103 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22103 |
CVE-2023-22104 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22104 |
CVE-2023-22110 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22110 |
CVE-2023-22111 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22111 |
CVE-2023-22112 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22112 |
CVE-2023-22114 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22114 |
CVE-2023-22115 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22115 |
CVE-2023-29973 | Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29973 |
CVE-2023-42031 | IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-42031 |
CVE-2019-1003014 | An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003014 |
CVE-2019-10383 | A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10383 |
CVE-2019-10406 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10406 |
CVE-2020-2137 | Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2137 |
CVE-2020-2205 | Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2205 |
CVE-2020-2252 | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2252 |
CVE-2020-2253 | Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2253 |
CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27218 |
CVE-2022-23110 | Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23110 |
CVE-2022-25202 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25202 |
CVE-2022-27200 | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27200 |
CVE-2022-27207 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27207 |
CVE-2022-29532 | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript\: URL in the URL field, and another administrator clicks on it. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29532 |
CVE-2018-25085 | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25085 |
CVE-2023-22091 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22091 |
CVE-2023-45008 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45008 |
CVE-2023-5621 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5621 |
CVE-2023-45051 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45051 |
CVE-2023-45056 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45056 |
CVE-2023-45057 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45057 |
CVE-2023-45072 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45072 |
CVE-2023-45073 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Koch Mendeley Plugin plugin <= 1.3.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45073 |
CVE-2023-45604 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45604 |
CVE-2022-4954 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4954 |
CVE-2023-4271 | The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4271 |
CVE-2023-4968 | The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4968 |
CVE-2023-5120 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5120 |
CVE-2023-3996 | The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3996 |
CVE-2023-4021 | The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4021 |
CVE-2023-4648 | The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4648 |
CVE-2023-5121 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5121 |
CVE-2023-27148 | A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27148 |
CVE-2023-27149 | A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27149 |
CVE-2023-33840 | IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33840 |
CVE-2023-46058 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46058 |
CVE-2023-46059 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46059 |
CVE-2023-25032 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25032 |
CVE-2023-39924 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39924 |
CVE-2023-45644 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45644 |
CVE-2023-45747 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45747 |
CVE-2023-45754 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.18 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45754 |
CVE-2023-45755 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45755 |
CVE-2023-45758 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45758 |
CVE-2023-45764 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45764 |
CVE-2023-45767 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin <= 1.4.0.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45767 |
CVE-2023-45768 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45768 |
CVE-2023-32116 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32116 |
CVE-2023-46200 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46200 |
CVE-2021-26737 | The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.\n\n\n | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-26737 |
CVE-2021-21616 | Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-21616 |
CVE-2023-22109 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22109 |
CVE-2021-25284 | An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-25284 |
CVE-2023-21940 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21940 |
CVE-2023-3212 | A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3212 |
CVE-2023-22005 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22005 |
CVE-2023-22033 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22033 |
CVE-2023-3772 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3772 |
CVE-2023-3773 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3773 |
CVE-2022-44730 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44730 |
CVE-2022-0353 | \nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and \n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0353 |
CVE-2022-3698 | \nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and \n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-3698 |
CVE-2019-1003018 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003018 |
CVE-2019-1003020 | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003020 |
CVE-2019-1003021 | An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003021 |
CVE-2019-1003026 | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003026 |
CVE-2019-1003027 | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003027 |
CVE-2019-1003028 | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003028 |
CVE-2019-1003035 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003035 |
CVE-2019-1003036 | A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003036 |
CVE-2019-10312 | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10312 |
CVE-2019-10319 | A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10319 |
CVE-2019-10320 | Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10320 |
CVE-2019-10321 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10321 |
CVE-2019-10322 | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10322 |
CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10323 |
CVE-2019-10326 | A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10326 |
CVE-2019-10331 | A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10331 |
CVE-2019-10332 | A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10332 |
CVE-2019-10333 | Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10333 |
CVE-2019-10342 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10342 |
CVE-2019-10354 | A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10354 |
CVE-2019-10344 | Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10344 |
CVE-2019-10357 | A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10357 |
CVE-2019-10365 | Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10365 |
CVE-2019-10377 | A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10377 |
CVE-2019-10388 | A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10388 |
CVE-2019-10389 | A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10389 |
CVE-2019-10408 | A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10408 |
CVE-2019-10409 | A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10409 |
CVE-2019-10421 | Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10421 |
CVE-2019-10439 | A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10439 |
CVE-2019-10441 | A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10441 |
CVE-2019-10442 | A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10442 |
CVE-2019-10445 | A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10445 |
CVE-2019-10447 | Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10447 |
CVE-2019-10451 | Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10451 |
CVE-2019-10452 | Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10452 |
CVE-2019-10454 | A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10454 |
CVE-2019-10455 | A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10455 |
CVE-2019-10456 | A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10456 |
CVE-2019-10457 | A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10457 |
CVE-2019-10465 | A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10465 |
CVE-2019-10473 | A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10473 |
CVE-2019-10474 | A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10474 |
CVE-2019-16547 | Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16547 |
CVE-2019-16554 | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16554 |
CVE-2019-16567 | A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16567 |
CVE-2019-16569 | A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16569 |
CVE-2019-16571 | A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16571 |
CVE-2020-2094 | A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2094 |
CVE-2020-2095 | Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2095 |
CVE-2020-2104 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2104 |
CVE-2020-2107 | Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2107 |
CVE-2020-2117 | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2117 |
CVE-2020-2118 | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2118 |
CVE-2020-2124 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2124 |
CVE-2020-2125 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2125 |
CVE-2020-2126 | Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2126 |
CVE-2020-2127 | Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2127 |
CVE-2020-2128 | Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2128 |
CVE-2020-2141 | A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2141 |
CVE-2020-2142 | A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2142 |
CVE-2020-2147 | A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2147 |
CVE-2020-2148 | A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2148 |
CVE-2020-2153 | Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2153 |
CVE-2020-2156 | Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2156 |
CVE-2020-2157 | Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2157 |
CVE-2020-2177 | Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2177 |
CVE-2020-2182 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2182 |
CVE-2020-2184 | A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2184 |
CVE-2020-2186 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2186 |
CVE-2020-2188 | A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2188 |
CVE-2020-2191 | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2191 |
CVE-2020-2197 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2197 |
CVE-2020-2202 | A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2202 |
CVE-2020-2203 | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2203 |
CVE-2020-2208 | Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2208 |
CVE-2020-2209 | Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2209 |
CVE-2020-2210 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2210 |
CVE-2020-2212 | Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2212 |
CVE-2020-2213 | Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2213 |
CVE-2020-2215 | A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2215 |
CVE-2020-2216 | A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2216 |
CVE-2020-2237 | A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2237 |
CVE-2020-2239 | Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2239 |
CVE-2020-2251 | Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2251 |
CVE-2020-2255 | A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2255 |
CVE-2020-2258 | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2258 |
CVE-2020-2260 | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2260 |
CVE-2020-2267 | A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2267 |
CVE-2020-2272 | A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2272 |
CVE-2020-2273 | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2273 |
CVE-2020-2282 | Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2282 |
CVE-2020-2285 | A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2285 |
CVE-2020-2296 | A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2296 |
CVE-2020-2302 | A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2302 |
CVE-2020-2303 | A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2303 |
CVE-2020-2306 | A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2306 |
CVE-2020-2307 | Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2307 |
CVE-2020-2308 | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2308 |
CVE-2020-2309 | A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2309 |
CVE-2020-2310 | Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2310 |
CVE-2020-2311 | A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2311 |
CVE-2020-2313 | A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2313 |
CVE-2021-21606 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21606 |
CVE-2021-21620 | A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21620 |
CVE-2021-21624 | An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21624 |
CVE-2021-21625 | Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21625 |
CVE-2021-21626 | Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21626 |
CVE-2021-21631 | Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21631 |
CVE-2021-21636 | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21636 |
CVE-2021-21639 | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21639 |
CVE-2021-21640 | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21640 |
CVE-2021-21641 | A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21641 |
CVE-2021-21645 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21645 |
CVE-2021-21647 | Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21647 |
CVE-2021-21650 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21650 |
CVE-2021-21651 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21651 |
CVE-2021-21653 | Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21653 |
CVE-2021-21654 | Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21654 |
CVE-2021-21661 | Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21661 |
CVE-2021-21662 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21662 |
CVE-2021-21663 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21663 |
CVE-2021-21670 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21670 |
CVE-2021-21672 | Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21672 |
CVE-2021-21674 | A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21674 |
CVE-2021-21676 | Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21676 |
CVE-2021-21682 | Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21682 |
CVE-2022-20612 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20612 |
CVE-2022-20613 | A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20613 |
CVE-2022-20614 | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20614 |
CVE-2022-20616 | Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20616 |
CVE-2022-20618 | A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20618 |
CVE-2022-20620 | Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20620 |
CVE-2022-23111 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23111 |
CVE-2022-23113 | Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23113 |
CVE-2022-25180 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25180 |
CVE-2022-25188 | Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25188 |
CVE-2022-25190 | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25190 |
CVE-2022-25195 | A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25195 |
CVE-2022-25318 | An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25318 |
CVE-2022-27199 | A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27199 |
CVE-2022-27205 | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27205 |
CVE-2022-27214 | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27214 |
CVE-2022-27215 | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27215 |
CVE-2022-27218 | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27218 |
CVE-2022-28137 | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28137 |
CVE-2022-28138 | A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28138 |
CVE-2022-28139 | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28139 |
CVE-2022-28147 | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28147 |
CVE-2022-28151 | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28151 |
CVE-2022-28152 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28152 |
CVE-2022-29048 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29048 |
CVE-2022-29051 | Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29051 |
CVE-2022-29052 | Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29052 |
CVE-2022-30946 | A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30946 |
CVE-2022-30957 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30957 |
CVE-2022-34204 | A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34204 |
CVE-2022-34206 | A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34206 |
CVE-2022-34208 | A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34208 |
CVE-2022-34782 | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34782 |
CVE-2022-34785 | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34785 |
CVE-2022-34796 | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34796 |
CVE-2022-34797 | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34797 |
CVE-2022-34798 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34798 |
CVE-2022-34799 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34799 |
CVE-2022-34800 | Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34800 |
CVE-2022-34801 | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34801 |
CVE-2022-34802 | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34802 |
CVE-2022-34803 | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34803 |
CVE-2022-34804 | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34804 |
CVE-2022-34808 | Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34808 |
CVE-2022-34811 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34811 |
CVE-2022-34812 | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34812 |
CVE-2022-34813 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34813 |
CVE-2022-34814 | Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34814 |
CVE-2022-34815 | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34815 |
CVE-2022-34817 | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34817 |
CVE-2022-34818 | Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34818 |
CVE-2022-36886 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36886 |
CVE-2022-36887 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36887 |
CVE-2022-36890 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36890 |
CVE-2022-36891 | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36891 |
CVE-2022-36892 | Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36892 |
CVE-2022-36893 | Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36893 |
CVE-2022-36895 | A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36895 |
CVE-2022-36897 | A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36897 |
CVE-2022-36898 | A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36898 |
CVE-2022-36903 | A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36903 |
CVE-2022-36904 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36904 |
CVE-2022-36912 | A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36912 |
CVE-2022-36913 | Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36913 |
CVE-2022-36914 | Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36914 |
CVE-2022-36915 | Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36915 |
CVE-2022-36917 | A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36917 |
CVE-2022-36918 | Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36918 |
CVE-2022-36919 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36919 |
CVE-2022-41230 | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41230 |
CVE-2022-41233 | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41233 |
CVE-2022-41247 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41247 |
CVE-2022-41251 | A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41251 |
CVE-2022-41252 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41252 |
CVE-2022-43413 | Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43413 |
CVE-2022-43417 | Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43417 |
CVE-2022-43418 | A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43418 |
CVE-2022-43427 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43427 |
CVE-2022-43431 | Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43431 |
CVE-2022-43432 | Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43432 |
CVE-2022-43433 | Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43433 |
CVE-2022-45390 | A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45390 |
CVE-2022-45394 | A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45394 |
CVE-2022-45398 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45398 |
CVE-2022-45399 | A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45399 |
CVE-2023-24431 | A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24431 |
CVE-2023-24436 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24436 |
CVE-2023-22937 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22937 |
CVE-2023-22942 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22942 |
CVE-2023-25766 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-25766 |
CVE-2023-3622 | \n Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3622 |
CVE-2021-28485 | In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-28485 |
CVE-2023-45194 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45194 |
CVE-2023-39999 | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39999 |
CVE-2023-3254 | The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3254 |
CVE-2023-4938 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4938 |
CVE-2023-34050 | \n\n\n\n\n\n\n\n\n\nIn spring AMQP versions 1.0.0 to\n2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class\nnames were added to Spring AMQP, allowing users to lock down deserialization of\ndata in messages from untrusted sources; however by default, when no allowed\nlist was provided, all classes could be deserialized.\n\n\n\nSpecifically, an application is\nvulnerable if\n\n\n\n\n * the\n SimpleMessageConverter or SerializerMessageConverter is used\n\n * the user\n does not configure allowed list patterns\n\n * untrusted\n message originators gain permissions to write messages to the RabbitMQ\n broker to send malicious content\n\n\n\n\n\n\n\n\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-34050 |
CVE-2023-4935 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4935 |
CVE-2023-4937 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4937 |
CVE-2023-4940 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4940 |
CVE-2023-4942 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4942 |
CVE-2023-4943 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4943 |
CVE-2023-4947 | The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4947 |
CVE-2023-4975 | The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4975 |
CVE-2020-36751 | The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36751 |
CVE-2020-36753 | The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36753 |
CVE-2020-36754 | The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36754 |
CVE-2020-36755 | The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36755 |
CVE-2020-36758 | The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36758 |
CVE-2020-36759 | The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36759 |
CVE-2021-4418 | The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4418 |
CVE-2022-3622 | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3622 |
CVE-2023-4796 | The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4796 |
CVE-2023-4923 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4923 |
CVE-2023-4924 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4924 |
CVE-2023-4926 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4926 |
CVE-2023-4941 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4941 |
CVE-2023-5718 | The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5718 |
CVE-2023-37532 | HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-37532 |
CVE-2023-46288 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-46288 |
CVE-2023-34056 | vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-34056 |
CVE-2023-34085 | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-34085 |
CVE-2019-10393 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10393 |
CVE-2019-10394 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10394 |
CVE-2019-10399 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10399 |
CVE-2019-10400 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10400 |
CVE-2023-45803 | urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-45803 |
CVE-2023-3863 | A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3863 |
CVE-2022-25332 | The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK). | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25332 |
CVE-2022-22935 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22935 |
CVE-2023-31124 | c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.\n | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-31124 |
CVE-2023-22025 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22025 |
CVE-2023-38546 | This flaw allows an attacker to insert cookies at will into a running program\nusing libcurl, if the specific series of conditions are met.\n\nlibcurl performs transfers. In its API, an application creates "easy handles"\nthat are the individual handles for single transfers.\n\nlibcurl provides a function call that duplicates en easy handle called\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\n\nIf a transfer has cookies enabled when the handle is duplicated, the\ncookie-enable state is also cloned - but without cloning the actual\ncookies. If the source handle did not read any cookies from a specific file on\ndisk, the cloned version of the handle would instead store the file name as\n`none` (using the four ASCII letters, no quotes).\n\nSubsequent use of the cloned handle that does not explicitly set a source to\nload cookies from would then inadvertently load cookies from a file named\n`none` - if such a file exists and is readable in the current directory of the\nprogram using libcurl. And if using the correct file format of course.\n | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38546 |
CVE-2023-45145 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-45145 |
CVE-2022-45393 | A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45393 |
CVE-2023-0919 | Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.\n\n | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0919 |
CVE-2023-33229 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33229 |
CVE-2023-45143 | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45143 |
CVE-2019-10343 | Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10343 |
CVE-2019-10433 | Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10433 |
CVE-2019-10450 | Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10450 |
CVE-2020-2218 | Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2218 |
CVE-2020-2249 | Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2249 |
CVE-2020-2291 | Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2291 |
CVE-2020-2297 | Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2297 |
CVE-2021-35991 | Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-35991 |
CVE-2022-23114 | Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23114 |
CVE-2023-40127 | In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40127 |
CVE-2023-40134 | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40134 |
CVE-2023-40135 | In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40135 |
CVE-2023-40136 | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40136 |
CVE-2023-40137 | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40137 |
CVE-2023-40138 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40138 |
CVE-2019-10397 | Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10397 |
CVE-2023-22048 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22048 |
CVE-2023-45659 | Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability. | 2.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45659 |
CVE-2023-22038 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22038 |
CVE-2023-22113 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22113 |
CVE-2023-45809 | Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-45809 |
CVE-2023-22074 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22074 |
CVE-2023-45152 | Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication. | 2.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45152 |
CVE-2023-23767 | Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.\n | 2.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23767 |
CVE-2004-1027 | Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1027 |
CVE-2009-1955 | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-1955 |
CVE-2011-2483 | crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-2483 |
CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-0231 |
CVE-2014-3577 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3577 |
CVE-2023-43622 | An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43622 |
CVE-2023-45802 | When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\n\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45802 |
CVE-2023-26219 | The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26219 |
CVE-2023-37913 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37913 |
CVE-2023-41255 | The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41255 |
CVE-2023-41372 | The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41372 |
CVE-2023-41960 | The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41960 |
CVE-2023-42488 | EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42488 |
CVE-2023-42489 | EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42489 |
CVE-2023-42490 | \n\nEisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42490 |
CVE-2023-42491 | EisBaer Scada - CWE-285: Improper Authorization | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42491 |
CVE-2023-42492 | EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42492 |
CVE-2023-42493 | EisBaer Scada - CWE-256: Plaintext Storage of a Password | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42493 |
CVE-2023-42494 | EisBaer Scada - CWE-749: Exposed Dangerous Method or Function | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42494 |
CVE-2023-43488 | The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43488 |
CVE-2023-43506 | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43506 |
CVE-2023-43507 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43507 |
CVE-2023-43508 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43508 |
CVE-2023-43509 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43509 |
CVE-2023-43510 | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43510 |
CVE-2023-43795 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43795 |
CVE-2023-43961 | An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43961 |
CVE-2023-44767 | A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44767 |
CVE-2023-44769 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44769 |
CVE-2023-45220 | The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45220 |
CVE-2023-45321 | The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45321 |
CVE-2023-45640 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45640 |
CVE-2023-45759 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin <= 3.2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45759 |
CVE-2023-45832 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45832 |
CVE-2023-45833 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45833 |
CVE-2023-45835 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45835 |
CVE-2023-45837 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45837 |
CVE-2023-45844 | The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45844 |
CVE-2023-45851 | The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. \r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45851 |
CVE-2023-45990 | Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45990 |
CVE-2023-46010 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46010 |
CVE-2023-46068 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46068 |
CVE-2023-46069 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46069 |
CVE-2023-46070 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46070 |
CVE-2023-46071 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46071 |
CVE-2023-46102 | The Android Client application, when enrolled to the AppHub server, connects to an MQTT\r\nbroker to exchange messages and receive commands to execute on the HMI device.\r\nThe protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application.\r\n\r\n\r\nThis issue allows an attacker able to control a malicious MQTT broker on the same subnet\r\nnetwork of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46102 |
CVE-2023-46118 | RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46118 |
CVE-2023-46119 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46119 |
CVE-2023-46120 | The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46120 |
CVE-2023-46123 | jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46123 |
CVE-2023-46124 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46124 |
CVE-2023-46125 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46125 |
CVE-2023-46126 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46126 |
CVE-2023-46128 | Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46128 |
CVE-2023-46135 | rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46135 |
CVE-2023-46136 | Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46136 |
CVE-2023-46150 | Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46150 |
CVE-2023-46151 | Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46151 |
CVE-2023-46152 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46152 |
CVE-2023-46158 | IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46158 |
CVE-2023-46189 | Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46189 |
CVE-2023-46190 | Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46190 |
CVE-2023-46191 | Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46191 |
CVE-2023-46193 | Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46193 |
CVE-2023-46198 | Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46198 |
CVE-2023-46202 | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46202 |
CVE-2023-46204 | Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46204 |
CVE-2023-46316 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46316 |
CVE-2023-46346 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46346 |
CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46347 |
CVE-2023-46358 | In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46358 |
CVE-2023-46369 | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46369 |
CVE-2023-46370 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46370 |
CVE-2023-46371 | TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46371 |
CVE-2023-46373 | TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46373 |
CVE-2023-46396 | Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46396 |
CVE-2023-46518 | Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46518 |
CVE-2023-46540 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46540 |
CVE-2023-46541 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46541 |
CVE-2023-46542 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46542 |
CVE-2023-46543 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46543 |
CVE-2023-46544 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46544 |
CVE-2023-46545 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46545 |
CVE-2023-46546 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46546 |
CVE-2023-46547 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46547 |
CVE-2023-46548 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46548 |
CVE-2023-46549 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46549 |
CVE-2023-46550 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46550 |
CVE-2023-46551 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46551 |
CVE-2023-46552 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46552 |
CVE-2023-46553 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46553 |
CVE-2023-46650 | Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46650 |
CVE-2023-46651 | Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46651 |
CVE-2023-46652 | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46652 |
CVE-2023-46653 | Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46653 |
CVE-2023-46654 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46654 |
CVE-2023-46655 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46655 |
CVE-2023-46656 | Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46656 |
CVE-2023-46657 | Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46657 |
CVE-2023-46658 | Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46658 |
CVE-2023-46659 | Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46659 |
CVE-2023-46660 | Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46660 |
CVE-2023-4606 | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. \n\nThis affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4606 |
CVE-2023-4607 | An authenticated XCC user can change permissions for any user through a crafted API command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4607 |
CVE-2023-4608 | An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. \n\nThis affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4608 |
CVE-2023-4692 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4692 |
CVE-2023-4693 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4693 |
CVE-2023-5085 | The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5085 |
CVE-2023-5110 | The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5110 |
CVE-2023-5126 | The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5126 |
CVE-2023-5127 | The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5127 |
CVE-2023-5311 | The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5311 |
CVE-2023-5363 | Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the "keylen" parameter or the IV length, via the "ivlen" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5363 |
CVE-2023-5472 | Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5472 |
CVE-2023-5568 | A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5568 |
CVE-2023-5671 | HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5671 |
CVE-2023-5717 | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5717 |
CVE-2023-5721 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5721 |
CVE-2023-5722 | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5722 |
CVE-2023-5723 | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5723 |
CVE-2023-5724 | Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5724 |
CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5725 |
CVE-2023-5726 | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5726 |
CVE-2023-5727 | The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5727 |
CVE-2023-5728 | During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5728 |
CVE-2023-5729 | A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5729 |
CVE-2023-5730 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5730 |
CVE-2023-5731 | Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5731 |
CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5732 |
CVE-2023-5740 | The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5740 |
CVE-2023-5744 | The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5744 |
CVE-2023-5745 | The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5745 |
CVE-2023-5746 | A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5746 |
CVE-2023-5752 | When installing a package from a Mercurial VCS URL (ie "pip install \nhg+...") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the "hg clone" \ncall (ie "--config"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren't installing from Mercurial.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5752 |
CVE-2023-5753 | Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5753 |
CVE-2023-5758 | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5758 |
CVE-2023-32359 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32359 |
CVE-2023-40401 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40401 |
CVE-2023-40404 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40404 |
CVE-2023-40405 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40405 |
CVE-2023-40408 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40408 |
CVE-2023-40413 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40413 |
CVE-2023-40416 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40416 |
CVE-2023-40421 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40421 |
CVE-2023-40423 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40423 |
CVE-2023-40425 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40425 |
CVE-2023-40444 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40444 |
CVE-2023-40445 | The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40445 |
CVE-2023-40447 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40447 |
CVE-2023-40449 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40449 |
CVE-2023-41072 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41072 |
CVE-2023-41077 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41077 |
CVE-2023-41254 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41254 |
CVE-2023-41975 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41975 |
CVE-2023-41976 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41976 |
CVE-2023-41977 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41977 |
CVE-2023-41982 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41982 |
CVE-2023-41983 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41983 |
CVE-2023-41988 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41988 |
CVE-2023-41989 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41989 |
CVE-2023-41997 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41997 |
CVE-2023-42438 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42438 |
CVE-2023-42841 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42841 |
CVE-2023-42842 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42842 |
CVE-2023-42844 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42844 |
CVE-2023-42845 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42845 |
CVE-2023-42846 | This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42846 |
CVE-2023-42847 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42847 |
CVE-2023-42849 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42849 |
CVE-2023-42850 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42850 |
CVE-2023-42852 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42852 |
CVE-2023-42854 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42854 |
CVE-2023-42856 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42856 |
CVE-2023-42857 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42857 |
CVE-2023-42861 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42861 |
CVE-2022-4886 | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4886 |
CVE-2023-45134 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45134 |
CVE-2023-45135 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right.\n\nFor the attack to work, the attacker needs to convince the victim to visit a link like `<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `<xwiki-host>` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right.\n\nThis has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45135 |
CVE-2023-45136 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45136 |
CVE-2023-46408 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46408 |
CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46409 |
CVE-2023-46410 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46410 |
CVE-2023-46411 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46411 |
CVE-2023-46412 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46412 |
CVE-2023-46413 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46413 |
CVE-2023-46414 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46414 |
CVE-2023-46415 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46415 |
CVE-2023-46416 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46416 |
CVE-2023-46417 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46417 |
CVE-2023-46418 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46418 |
CVE-2023-46419 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46419 |
CVE-2023-46420 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46420 |
CVE-2023-46421 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46421 |
CVE-2023-46422 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46422 |
CVE-2023-46423 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46423 |
CVE-2023-46424 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46424 |
CVE-2023-5043 | Ingress nginx annotation injection causes arbitrary command execution.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5043 |
CVE-2023-5044 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5044 |
CVE-2023-5367 | A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5367 |
CVE-2023-5380 | A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5380 |
CVE-2023-5574 | A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5574 |
CVE-2023-45137 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45137 |
CVE-2023-46133 | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46133 |
CVE-2023-46134 | D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46134 |
CVE-2023-46137 | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46137 |
CVE-2023-46233 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46233 |
CVE-2023-38845 | An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38845 |
CVE-2023-38846 | An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38846 |
CVE-2023-38847 | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38847 |
CVE-2023-38848 | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38848 |
CVE-2023-38849 | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38849 |
CVE-2023-46232 | era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word’s index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46232 |
CVE-2023-46583 | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46583 |
CVE-2023-46584 | SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46584 |
CVE-2023-30967 | Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30967 |
CVE-2023-30969 | The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30969 |
CVE-2023-43905 | Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43905 |
CVE-2023-43906 | Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43906 |
CVE-2023-46345 | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46345 |
CVE-2023-46668 | If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46668 |
CVE-2023-46667 | An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46667 |
CVE-2023-31422 | An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31422 |
CVE-2023-31421 | It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31421 |
CVE-2023-46752 | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46752 |
CVE-2023-46753 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46753 |
CVE-2023-46754 | The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46754 |
CVE-2023-5139 | Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5139 |
CVE-2023-5798 | The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5798 |
CVE-2023-46072 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46072 |
CVE-2020-17477 | Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-17477 |
CVE-2023-46075 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46075 |
CVE-2023-46088 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46088 |
CVE-2023-46094 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46094 |
CVE-2023-5780 | A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5780 |
CVE-2023-5781 | A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5781 |
CVE-2023-41095 | Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41095 |
CVE-2023-41096 | Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41096 |
CVE-2023-46090 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46090 |
CVE-2023-5782 | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5782 |
CVE-2023-5783 | A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5783 |
CVE-2023-45867 | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45867 |
CVE-2023-45868 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45868 |
CVE-2023-45869 | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45869 |
CVE-2023-46234 | browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46234 |
CVE-2023-46238 | ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim’s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46238 |
CVE-2023-5784 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5784 |
CVE-2023-5785 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5785 |
CVE-2023-5786 | A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5786 |
CVE-2023-5787 | A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5787 |
CVE-2023-41966 | \n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41966 |
CVE-2023-42769 | The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42769 |
CVE-2023-43208 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43208 |
CVE-2023-45228 | \n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45228 |
CVE-2023-45317 | \nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45317 |
CVE-2023-46666 | An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46666 |
CVE-2023-5622 | \nUnder certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\\SYSTEM on Windows hosts by replacing a specially crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5622 |
CVE-2023-5623 | \nNNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5623 |
CVE-2023-5624 | \nUnder certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5624 |
CVE-2023-5789 | A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5789 |
CVE-2023-31417 | Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31417 |
CVE-2023-31418 | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31418 |
CVE-2023-31419 | A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31419 |
CVE-2023-5793 | A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5793 |
CVE-2023-5794 | A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5794 |
CVE-2023-5795 | A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5795 |
CVE-2023-5796 | A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5796 |
CVE-2023-31416 | Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31416 |
CVE-2023-0897 | \nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0897 |
CVE-2023-39427 | \nIn Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39427 |
CVE-2023-39936 | \n\n\nIn Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39936 |
CVE-2023-46661 | \nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46661 |
CVE-2023-46662 | \n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46662 |
CVE-2023-5754 | \n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5754 |
CVE-2023-5804 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5804 |
CVE-2023-33558 | An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33558 |
CVE-2023-33559 | A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33559 |
CVE-2023-39726 | An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39726 |
CVE-2023-46663 | \n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46663 |
CVE-2023-46664 | \n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46664 |
CVE-2023-46665 | \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46665 |
CVE-2018-16739 | An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-16739 |
CVE-2018-17558 | Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-17558 |
CVE-2018-17559 | Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-17559 |
CVE-2018-17878 | Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-17878 |
CVE-2018-17879 | An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-17879 |
CVE-2023-38328 | An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38328 |
CVE-2023-42406 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42406 |
CVE-2023-43352 | An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43352 |
CVE-2023-5805 | A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5805 |
CVE-2023-27170 | Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27170 |
CVE-2023-42188 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42188 |
CVE-2023-46374 | ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46374 |
CVE-2023-46491 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46491 |
CVE-2023-46375 | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46375 |
CVE-2023-46376 | Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46376 |
CVE-2023-46505 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46505 |
CVE-2023-5810 | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5810 |
CVE-2023-5811 | A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5811 |
CVE-2023-5812 | A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5812 |
CVE-2023-5813 | A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5813 |
CVE-2023-5814 | A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5814 |
CVE-2023-46813 | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46813 |
CVE-2023-45498 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45498 |
CVE-2023-45499 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45499 |
CVE-2023-46503 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46503 |
CVE-2023-46504 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46504 |
CVE-2023-46815 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46815 |
CVE-2023-46816 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46816 |
CVE-2023-46818 | An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46818 |
CVE-2023-5051 | The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5051 |
CVE-2023-34057 | VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34057 |
CVE-2023-34058 | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34058 |
CVE-2023-34059 | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34059 |
CVE-2023-44219 | A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44219 |
CVE-2023-44220 | SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44220 |
CVE-2023-46091 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46091 |
CVE-2023-46093 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46093 |
CVE-2023-46153 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46153 |
CVE-2023-46192 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46192 |
CVE-2023-46194 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46194 |
CVE-2023-46199 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46199 |
CVE-2023-5774 | The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5774 |
CVE-2023-5817 | The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5817 |
CVE-2023-5705 | The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5705 |
CVE-2023-5820 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5820 |
CVE-2023-5821 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5821 |
CVE-2023-46393 | gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46393 |
CVE-2023-46394 | A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46394 |
CVE-2023-46604 | Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. \n\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46604 |
CVE-2023-5826 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5826 |
CVE-2023-5827 | A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5827 |
CVE-2022-34886 | A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34886 |
CVE-2022-34887 | Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34887 |
CVE-2022-3429 | A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3429 |
CVE-2023-27854 | \nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27854 |
CVE-2023-27858 | \nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27858 |
CVE-2023-46246 | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46246 |
CVE-2023-46289 | \nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46289 |
CVE-2023-46290 | \nDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46290 |
CVE-2023-4967 | Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4967 |
CVE-2022-3611 | An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3611 |
CVE-2022-3681 | A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3681 |
CVE-2022-3700 | A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3700 |
CVE-2022-3701 | \nA privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3701 |
CVE-2022-3702 | \nA denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3702 |
CVE-2023-29009 | baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29009 |
CVE-2023-46407 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46407 |
CVE-2023-46852 | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46852 |
CVE-2023-46853 | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46853 |
CVE-2023-5828 | A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5828 |
CVE-2023-5829 | A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5829 |
CVE-2022-34832 | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34832 |
CVE-2022-34833 | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34833 |
CVE-2022-34834 | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34834 |
CVE-2023-32738 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32738 |
CVE-2023-35794 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35794 |
CVE-2023-40139 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40139 |
CVE-2023-40140 | In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40140 |
CVE-2023-46510 | An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46510 |
CVE-2023-5830 | A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5830 |
CVE-2023-46490 | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46490 |
CVE-2023-5834 | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5834 |
CVE-2023-46587 | Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46587 |
CVE-2023-43322 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43322 |
CVE-2023-46467 | Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46467 |
CVE-2023-46215 | Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46215 |
CVE-2023-5425 | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5425 |
CVE-2023-5426 | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5426 |
CVE-2023-5835 | A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243775. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5835 |
CVE-2023-45897 | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45897 |
CVE-2023-46854 | Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46854 |
CVE-2023-5836 | A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5836 |
CVE-2023-5837 | A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5837 |
CVE-2023-40686 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40686 |
CVE-2023-43041 | IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43041 |
CVE-2023-5838 | Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5838 |
CVE-2023-5839 | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5839 |
CVE-2023-5840 | Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5840 |
CVE-2023-40685 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40685 |
CVE-2023-46862 | An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46862 |
CVE-2021-33634 | iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33634 |
CVE-2021-33635 | When malicious images are pulled by isula pull, attackers can execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33635 |
CVE-2021-33636 | \nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33636 |
CVE-2021-33637 | \nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33637 |
CVE-2021-33638 | \nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33638 |
CVE-2005-10002 | A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-10002 |
CVE-2007-10003 | A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-10003 |
CVE-2023-46863 | Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46863 |
CVE-2023-46864 | Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46864 |
CVE-2023-4393 | HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4393 |
CVE-2023-46865 | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46865 |
CVE-2023-5842 | Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5842 |
CVE-2021-25736 | Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (“spec.ports[*].port”) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the “status.loadBalancer.ingress[].ip” field. Clusters \nwhere the LoadBalancer controller sets the \n“status.loadBalancer.ingress[].ip” field are unaffected.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-25736 |
CVE-2023-46866 | In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46866 |
CVE-2023-46867 | In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46867 |
CVE-2023-44141 | Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44141 |
CVE-2023-45746 | Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45746 |
CVE-2023-45797 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45797 |
CVE-2023-45798 | In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45798 |
CVE-2023-45799 | In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45799 |
CVE-2023-42431 | Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42431 |
CVE-2023-5844 | Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5844 |
CVE-2023-5832 | Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5832 |
CVE-2023-5833 | Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5833 |
CVE-2023-5049 | The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5049 |
CVE-2023-5164 | The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5164 |
CVE-2023-5199 | The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5199 |
CVE-2023-5250 | The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5250 |
CVE-2023-5251 | The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5251 |
CVE-2023-5252 | The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5252 |
CVE-2023-5315 | The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5315 |
CVE-2023-5335 | The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5335 |
CVE-2023-5362 | The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5362 |
CVE-2023-5565 | The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5565 |
CVE-2023-5566 | The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5566 |
CVE-2023-5583 | The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5583 |
CVE-2023-5666 | The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5666 |
CVE-2023-5843 | The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5843 |
CVE-2022-48189 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48189 |
CVE-2022-4573 | \nAn SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4573 |
CVE-2022-4574 | \nAn SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4574 |
CVE-2022-4575 | \nA vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4575 |
CVE-2023-4964 | Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4964 |
CVE-2021-39810 | In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39810 |
CVE-2022-20264 | In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20264 |
CVE-2023-21293 | In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21293 |
CVE-2023-21294 | In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21294 |
CVE-2023-21295 | In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21295 |
CVE-2023-21296 | In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21296 |
CVE-2023-21297 | In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21297 |
CVE-2023-21298 | In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21298 |
CVE-2023-21299 | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21299 |
CVE-2023-21300 | In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21300 |
CVE-2023-21301 | In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21301 |
CVE-2023-21302 | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21302 |
CVE-2023-21303 | In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21303 |
CVE-2023-21304 | In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21304 |
CVE-2023-21305 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21305 |
CVE-2023-21306 | In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21306 |
CVE-2023-21307 | In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21307 |
CVE-2023-21308 | In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21308 |
CVE-2023-21309 | In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21309 |
CVE-2023-21310 | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21310 |
CVE-2023-21311 | In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21311 |
CVE-2023-21312 | In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21312 |
CVE-2023-21313 | In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21313 |
CVE-2023-21314 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21314 |
CVE-2023-21315 | In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21315 |
CVE-2023-21316 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21316 |
CVE-2023-21317 | In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21317 |
CVE-2023-21318 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21318 |
CVE-2023-21319 | In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21319 |
CVE-2023-21320 | In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21320 |
CVE-2023-21321 | In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21321 |
CVE-2023-21323 | In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21323 |
CVE-2023-21324 | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21324 |
CVE-2023-21325 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21325 |
CVE-2023-21326 | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21326 |
CVE-2023-21327 | In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21327 |
CVE-2023-21328 | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21328 |
CVE-2023-21329 | In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21329 |
CVE-2023-21330 | In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21330 |
CVE-2023-21331 | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21331 |
CVE-2023-21332 | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21332 |
CVE-2023-21333 | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21333 |
CVE-2023-21334 | In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21334 |
CVE-2023-21335 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21335 |
CVE-2023-21336 | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21336 |
CVE-2023-21337 | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21337 |
CVE-2023-21338 | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21338 |
CVE-2023-21339 | In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21339 |
CVE-2023-21340 | In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21340 |
CVE-2023-21341 | In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21341 |
CVE-2023-21342 | In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21342 |
CVE-2023-21343 | In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21343 |
CVE-2023-21344 | In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21344 |
CVE-2023-21345 | In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21345 |
CVE-2023-21346 | In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21346 |
CVE-2023-21347 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21347 |
CVE-2023-21348 | In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21348 |
CVE-2023-21349 | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21349 |
CVE-2023-21350 | In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21350 |
CVE-2023-21351 | In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21351 |
CVE-2023-21352 | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21352 |
CVE-2023-21353 | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21353 |
CVE-2023-21354 | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21354 |
CVE-2023-21355 | In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21355 |
CVE-2023-21356 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21356 |
CVE-2023-21357 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21357 |
CVE-2023-21358 | In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21358 |
CVE-2023-21359 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21359 |
CVE-2023-21360 | In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21360 |
CVE-2023-21361 | In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21361 |
CVE-2023-21362 | In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21362 |
CVE-2023-21364 | In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21364 |
CVE-2023-21365 | In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21365 |
CVE-2023-21366 | In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21366 |
CVE-2023-21367 | In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21367 |
CVE-2023-21368 | In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21368 |
CVE-2023-21369 | In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21369 |
CVE-2023-21370 | In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21370 |
CVE-2023-21371 | In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21371 |
CVE-2023-36920 | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36920 |
CVE-2023-47090 | NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-47090 |
CVE-2023-21372 | In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21372 |
CVE-2023-21373 | In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21373 |
CVE-2023-21374 | In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21374 |
CVE-2023-21375 | In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21375 |
CVE-2023-21376 | In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21376 |
CVE-2023-21377 | In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21377 |
CVE-2023-21378 | In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21378 |
CVE-2023-21379 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21379 |
CVE-2023-21380 | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21380 |
CVE-2023-21381 | In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21381 |
CVE-2023-21382 | In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21382 |
CVE-2023-21383 | In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21383 |
CVE-2023-21384 | In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21384 |
CVE-2023-21385 | In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21385 |
CVE-2023-21387 | In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21387 |
CVE-2023-21388 | In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21388 |
CVE-2023-21389 | In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21389 |
CVE-2023-21390 | In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21390 |
CVE-2023-21391 | In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21391 |
CVE-2023-21392 | In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21392 |
CVE-2023-21393 | In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21393 |
CVE-2023-21394 | In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21394 |
CVE-2023-21395 | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21395 |
CVE-2023-21396 | In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21396 |
CVE-2023-21397 | In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21397 |
CVE-2023-21398 | In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21398 |
CVE-2023-40101 | In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40101 |
CVE-2023-45780 | In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45780 |
CVE-2023-47101 | The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-47101 |
CVE-2020-36767 | tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36767 |
CVE-2023-41891 | FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41891 |
CVE-2023-42803 | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42803 |
CVE-2023-42804 | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42804 |
CVE-2023-43647 | baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43647 |
CVE-2023-43648 | baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43648 |
CVE-2023-43649 | baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43649 |
CVE-2023-47104 | tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-47104 |
CVE-2023-43792 | baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43792 |
CVE-2023-5349 | A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5349 |
CVE-2022-39172 | A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via name field of a process. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39172 |
CVE-2023-42323 | Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42323 |
CVE-2023-45956 | An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45956 |
CVE-2023-43797 | BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43797 |
CVE-2023-43798 | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43798 |
CVE-2023-44397 | CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44397 |
CVE-2023-45670 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45670 |
CVE-2023-45671 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45671 |
CVE-2023-45672 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45672 |
CVE-2023-46478 | An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46478 |
CVE-2023-46502 | An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46502 |
CVE-2023-46129 | NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46129 |
CVE-2023-46138 | JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46138 |
CVE-2023-46139 | KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46139 |
CVE-2023-31794 | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31794 |
CVE-2023-5861 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5861 |
CVE-2023-5862 | Missing Authorization in GitHub repository hamza417/inure prior to Build95. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5862 |
CVE-2023-5863 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5863 |
CVE-2023-5864 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5864 |
CVE-2023-5865 | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5865 |
CVE-2023-5866 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5866 |
CVE-2023-5867 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5867 |
CVE-2023-45899 | An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45899 |
CVE-2023-46040 | Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46040 |
CVE-2015-20110 | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-20110 |
CVE-2023-27846 | SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27846 |
CVE-2023-45378 | In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45378 |
CVE-2023-46356 | In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46356 |
CVE-2023-47174 | Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-47174 |
CVE-2023-36263 | Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36263 |
CVE-2023-43139 | An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43139 |
CVE-2023-45996 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45996 |
CVE-2023-46361 | Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46361 |
CVE-2023-46451 | Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46451 |
CVE-2023-46210 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46210 |
CVE-2023-5412 | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5412 |
CVE-2023-5428 | The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5428 |
CVE-2023-5429 | The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5429 |
CVE-2023-5430 | The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5430 |
CVE-2023-5431 | The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5431 |
CVE-2023-5433 | The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5433 |
CVE-2023-5434 | The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5434 |
CVE-2023-5435 | The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5435 |
CVE-2023-5436 | The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5436 |
CVE-2023-5437 | The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5437 |
CVE-2023-5438 | The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5438 |
CVE-2023-5439 | The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5439 |
CVE-2023-5464 | The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5464 |
CVE-2023-5873 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5873 |
CVE-2015-0897 | LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-0897 |
CVE-2015-2968 | LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2968 |
CVE-2023-40681 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40681 |
CVE-2023-46312 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46312 |
CVE-2023-46313 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46313 |
CVE-2023-46622 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.18.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46622 |
CVE-2023-38994 | An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38994 |
CVE-2023-5073 | The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5073 |
CVE-2023-5099 | The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5099 |
CVE-2023-5114 | The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5114 |
CVE-2016-1203 | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed. | – | https://nvd.nist.gov/vuln/detail/CVE-2016-1203 |
CVE-2023-5116 | The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5116 |
CVE-2023-24000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24000 |
CVE-2023-25045 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25045 |
CVE-2023-25047 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25047 |
CVE-2023-28777 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28777 |
CVE-2023-46976 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46976 |
CVE-2023-46977 | TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46977 |
CVE-2023-46978 | TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46978 |
CVE-2023-46979 | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46979 |
CVE-2023-4250 | The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4250 |
CVE-2023-4251 | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4251 |
CVE-2023-4390 | The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4390 |
CVE-2023-4823 | The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4823 |
CVE-2023-4836 | The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4836 |
CVE-2023-5098 | The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5098 |
CVE-2023-5211 | The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5211 |
CVE-2023-5229 | The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5229 |
CVE-2023-5237 | The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5237 |
CVE-2023-5238 | The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5238 |
CVE-2023-5243 | The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5243 |
CVE-2023-5307 | The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5307 |
CVE-2023-5360 | The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5360 |
CVE-2023-5458 | The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5458 |
CVE-2023-5519 | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5519 |
CVE-2023-22518 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22518 |
CVE-2023-24410 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24410 |
CVE-2023-31212 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31212 |
CVE-2023-33927 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33927 |
CVE-2023-35879 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35879 |
CVE-2023-36508 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36508 |
CVE-2023-37243 | The C:\\Windows\\Temp\\Agent.Package.Availability\\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\\Windows\\Temp\\Agent.Package.Availability folder inherits permissions from C:\\Windows\\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37243 |
CVE-2023-37966 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37966 |
CVE-2023-40050 | Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40050 |
CVE-2023-42425 | An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42425 |
CVE-2023-42658 | \nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42658 |
CVE-2023-46235 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46235 |
CVE-2023-46236 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46236 |
CVE-2023-46237 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46237 |
CVE-2023-46992 | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46992 |
CVE-2023-46993 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46993 |
CVE-2023-46239 | quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46239 |
CVE-2023-46240 | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46240 |
CVE-2023-46245 | Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46245 |
CVE-2023-46248 | Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user's machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can't promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46248 |
CVE-2023-46249 | authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46249 |
CVE-2023-46250 | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46250 |
CVE-2023-46255 | SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46255 |
CVE-2023-46256 | PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46256 |
CVE-2023-46722 | The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46722 |
CVE-2023-46723 | lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46723 |
CVE-2023-5739 | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5739 |
CVE-2023-43796 | Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43796 |
CVE-2023-37831 | An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37831 |
CVE-2023-37832 | A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37832 |
CVE-2023-45955 | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45955 |
CVE-2023-20886 | VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20886 |
CVE-2023-39610 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39610 |
CVE-2023-3676 | A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3676 |
CVE-2023-3955 | A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3955 |
CVE-2023-43295 | Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43295 |
CVE-2023-46484 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46484 |
CVE-2023-46485 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46485 |
CVE-2023-37833 | Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37833 |
CVE-2023-39695 | Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39695 |
CVE-2023-46378 | Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46378 |