Published on 01 Nov 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-30123 |
CVE-2023-2564 | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-2564 |
CVE-2023-20198 | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-20198 |
CVE-2023-45146 | XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-45146 |
CVE-2022-42150 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-42150 |
CVE-2019-1003029 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003029 |
CVE-2019-1003030 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003030 |
CVE-2019-1003031 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003031 |
CVE-2019-1003032 | A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003032 |
CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003034 |
CVE-2019-10306 | A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10306 |
CVE-2019-10328 | Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10328 |
CVE-2019-10417 | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10417 |
CVE-2019-10418 | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10418 |
CVE-2019-10431 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10431 |
CVE-2019-10458 | Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10458 |
CVE-2019-16541 | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-16541 |
CVE-2020-2279 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-2279 |
CVE-2022-43401 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43401 |
CVE-2022-43402 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43402 |
CVE-2022-43403 | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43403 |
CVE-2022-43404 | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43404 |
CVE-2022-43405 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43405 |
CVE-2022-43406 | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43406 |
CVE-2022-36786 | DLINK - DSL-224 Post-auth RCE.\nDLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.\nIt is possible to inject a command through this interface that will run with ROOT permissions on the router.\n\n | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-36786 |
CVE-2023-25765 | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25765 |
CVE-2019-1003040 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003040 |
CVE-2019-1003041 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003041 |
CVE-2019-13990 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13990 |
CVE-2020-2299 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2299 |
CVE-2020-2300 | Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2300 |
CVE-2020-2301 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2301 |
CVE-2020-2320 | Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2320 |
CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-29583 |
CVE-2021-25281 | An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25281 |
CVE-2021-25283 | An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25283 |
CVE-2021-3148 | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3148 |
CVE-2021-3197 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3197 |
CVE-2021-21669 | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21669 |
CVE-2021-41116 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41116 |
CVE-2021-21690 | Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21690 |
CVE-2021-21691 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21691 |
CVE-2021-21692 | FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21692 |
CVE-2021-21693 | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21693 |
CVE-2021-21694 | FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21694 |
CVE-2021-21696 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21696 |
CVE-2022-23631 | superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23631 |
CVE-2022-29528 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29528 |
CVE-2022-28890 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28890 |
CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34132 |
CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32292 |
CVE-2022-41226 | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41226 |
CVE-2022-41237 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41237 |
CVE-2022-41238 | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41238 |
CVE-2022-40293 | \nThe application was vulnerable to a session fixation that could be used hijack accounts.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40293 |
CVE-2022-40296 | \nThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40296 |
CVE-2022-33321 | Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password).\nThe wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability.\nAs for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33321 |
CVE-2022-45395 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45395 |
CVE-2022-45396 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45396 |
CVE-2022-45397 | Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45397 |
CVE-2022-45400 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45400 |
CVE-2022-36784 | \nElsight – Elsight Halo Remote Code Execution (RCE)\nElsight Halo web panel allows us to perform connection validation.\nthrough the POST request :\n/api/v1/nics/wifi/wlan0/ping\nwe can abuse DESTINATION parameter and leverage it to remote code execution.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36784 |
CVE-2022-36787 | \nwebvendome - webvendome SQL Injection.\nSQL Injection in the Parameter " DocNumber"\nRequest :\nGet Request :\n/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36787 |
CVE-2022-39180 | \nCollege Management System v1.0 - SQL Injection (SQLi).\nBy inserting SQL commands to the username and password fields in the login.php page\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39180 |
CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4170 |
CVE-2022-4860 | A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4860 |
CVE-2019-25098 | A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The identifier of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25098 |
CVE-2018-25066 | A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25066 |
CVE-2018-25068 | A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25068 |
CVE-2018-25070 | A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25070 |
CVE-2018-25071 | A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25071 |
CVE-2022-4880 | A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4880 |
CVE-2021-4301 | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4301 |
CVE-2020-36648 | A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The identifier of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36648 |
CVE-2021-4308 | A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4308 |
CVE-2019-25100 | A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25100 |
CVE-2018-25072 | A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25072 |
CVE-2021-4311 | A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4311 |
CVE-2018-25076 | A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25076 |
CVE-2023-24429 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24429 |
CVE-2023-24430 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24430 |
CVE-2023-0558 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0558 |
CVE-2022-47002 | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47002 |
CVE-2019-25101 | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25101 |
CVE-2022-48328 | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48328 |
CVE-2021-4327 | A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4327 |
CVE-2021-4329 | A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4329 |
CVE-2023-1283 | Code Injection in GitHub repository builderio/qwik prior to 0.21.0.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1283 |
CVE-2018-25082 | A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25082 |
CVE-2023-1177 | Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1177 |
CVE-2023-28883 | In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28883 |
CVE-2023-1826 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1826 |
CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. \n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3824 |
CVE-2023-40254 | Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40254 |
CVE-2023-41361 | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41361 |
CVE-2023-34039 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34039 |
CVE-2023-31069 | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31069 |
CVE-2023-43654 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43654 |
CVE-2023-5399 | \n\n\n\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path\nTraversal') vulnerability exists that could cause tampering of files on the personal computer\nrunning C-Bus when using the File Command.\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5399 |
CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39323 |
CVE-2023-43119 | An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43119 |
CVE-2023-27132 | TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27132 |
CVE-2023-45952 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45952 |
CVE-2023-35084 | Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35084 |
CVE-2023-38545 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means "let the host resolve the name" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38545 |
CVE-2023-39332 | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39332 |
CVE-2023-46005 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46005 |
CVE-2023-46006 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46006 |
CVE-2023-46007 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46007 |
CVE-2023-5642 | Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5642 |
CVE-2023-45911 | An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45911 |
CVE-2023-4601 | A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4601 |
CVE-2023-37503 | HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37503 |
CVE-2023-45379 | In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45379 |
CVE-2023-45384 | KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45384 |
CVE-2023-35182 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35182 |
CVE-2023-35184 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35184 |
CVE-2023-35187 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35187 |
CVE-2023-46042 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46042 |
CVE-2022-47583 | Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47583 |
CVE-2023-43986 | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43986 |
CVE-2023-45381 | In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().` | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45381 |
CVE-2023-38584 | \n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38584 |
CVE-2023-43492 | \n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43492 |
CVE-2023-45376 | In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().` | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45376 |
CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30131 |
CVE-2023-34051 | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34051 |
CVE-2020-36706 | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36706 |
CVE-2023-39680 | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39680 |
CVE-2023-4402 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4402 |
CVE-2023-4488 | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4488 |
CVE-2023-5533 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5533 |
CVE-2023-37824 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37824 |
CVE-2023-5682 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5682 |
CVE-2023-32785 | In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32785 |
CVE-2023-45666 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45666 |
CVE-2023-5683 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5683 |
CVE-2023-5684 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5684 |
CVE-2023-46300 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46300 |
CVE-2023-46301 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46301 |
CVE-2023-5693 | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5693 |
CVE-2023-5700 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5700 |
CVE-2023-28805 | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28805 |
CVE-2022-22466 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22466 |
CVE-2023-27152 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27152 |
CVE-2023-37635 | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37635 |
CVE-2023-30912 | \nA remote code execution issue exists in HPE OneView.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30912 |
CVE-2023-31581 | Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31581 |
CVE-2023-34048 | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34048 |
CVE-2023-37283 | Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37283 |
CVE-2023-39930 | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39930 |
CVE-2023-44794 | An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44794 |
CVE-2023-45554 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45554 |
CVE-2023-46520 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46520 |
CVE-2023-46521 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46521 |
CVE-2023-46522 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46522 |
CVE-2023-46523 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46523 |
CVE-2023-46525 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46525 |
CVE-2023-46526 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46526 |
CVE-2023-46527 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46527 |
CVE-2023-46534 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46534 |
CVE-2023-46535 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46535 |
CVE-2023-46536 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46536 |
CVE-2023-46537 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46537 |
CVE-2023-46538 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46538 |
CVE-2023-46539 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46539 |
CVE-2023-46554 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46554 |
CVE-2023-46555 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46555 |
CVE-2023-46556 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46556 |
CVE-2023-46557 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46557 |
CVE-2023-46558 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46558 |
CVE-2023-46559 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46559 |
CVE-2023-46560 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46560 |
CVE-2023-46562 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46562 |
CVE-2023-46563 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46563 |
CVE-2023-46564 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46564 |
CVE-2023-46574 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46574 |
CVE-2023-5790 | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5790 |
CVE-2023-5792 | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5792 |
CVE-2023-46435 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46435 |
CVE-2023-44267 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44267 |
CVE-2023-46747 | \n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46747 |
CVE-2023-43737 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43737 |
CVE-2023-44268 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44268 |
CVE-2023-43738 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43738 |
CVE-2023-44162 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44162 |
CVE-2023-44375 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44375 |
CVE-2023-44376 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44376 |
CVE-2023-44377 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44377 |
CVE-2023-5807 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5807 |
CVE-2023-44480 | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44480 |
CVE-2023-46509 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46509 |
CVE-2023-46569 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46569 |
CVE-2023-46570 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46570 |
CVE-2022-37830 | Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-37830 |
CVE-2023-45992 | A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-45992 |
CVE-2023-41895 | Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `<link rel="redirect_uri" href="...">` HTML tags on the page. These URLs are not subjected to the same scheme validation and thus allow for arbitrary JavaScript execution on the Home Assistant administration page via usage of `javascript\:` scheme URIs. This Cross-site Scripting (XSS) vulnerability can be executed on the Home Assistant frontend domain, which may be used for a full takeover of the Home Assistant account and installation. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-41895 |
CVE-2023-41897 | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-41897 |
CVE-2023-37908 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-37908 |
CVE-2019-10309 | Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10309 |
CVE-2023-5576 | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5576 |
CVE-2019-1003015 | An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003015 |
CVE-2021-25282 | An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-25282 |
CVE-2021-3144 | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3144 |
CVE-2021-21658 | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21658 |
CVE-2021-21685 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21685 |
CVE-2021-21687 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21687 |
CVE-2021-21689 | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21689 |
CVE-2021-21697 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21697 |
CVE-2022-23096 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23096 |
CVE-2022-23097 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23097 |
CVE-2022-34181 | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34181 |
CVE-2022-41241 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41241 |
CVE-2023-41360 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41360 |
CVE-2023-45278 | Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45278 |
CVE-2023-26568 | Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26568 |
CVE-2023-26569 | Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26569 |
CVE-2023-26572 | Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26572 |
CVE-2023-26573 | Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26573 |
CVE-2023-26581 | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26581 |
CVE-2023-26582 | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26582 |
CVE-2023-26583 | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26583 |
CVE-2023-26584 | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26584 |
CVE-2023-27254 | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27254 |
CVE-2023-27255 | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27255 |
CVE-2023-27260 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27260 |
CVE-2023-27262 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27262 |
CVE-2021-45046 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2021-45046 |
CVE-2022-40287 | \nThe application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40287 |
CVE-2022-40288 | \nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40288 |
CVE-2022-40289 | \nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.\n\n | 9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40289 |
CVE-2023-41896 | Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code’s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in the npm package home-assistant-js-websocket in version 8.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-41896 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2017-8625 | Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8625 |
CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003000 |
CVE-2019-1003001 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003001 |
CVE-2019-1003002 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003002 |
CVE-2019-1003005 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003005 |
CVE-2019-1003006 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003006 |
CVE-2019-1003007 | A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003007 |
CVE-2019-1003008 | A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003008 |
CVE-2019-1003016 | An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003016 |
CVE-2019-1003024 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003024 |
CVE-2019-1003025 | A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003025 |
CVE-2019-9199 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9199 |
CVE-2019-1003033 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003033 |
CVE-2019-1003039 | An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003039 |
CVE-2019-1003051 | Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003051 |
CVE-2019-1003052 | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003052 |
CVE-2019-1003053 | Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003053 |
CVE-2019-1003054 | Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003054 |
CVE-2019-1003055 | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003055 |
CVE-2019-1003056 | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003056 |
CVE-2019-1003057 | Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003057 |
CVE-2019-1003060 | Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003060 |
CVE-2019-1003061 | Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003061 |
CVE-2019-1003062 | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003062 |
CVE-2019-1003063 | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003063 |
CVE-2019-1003064 | Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003064 |
CVE-2019-1003065 | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003065 |
CVE-2019-1003066 | Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003066 |
CVE-2019-1003067 | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003067 |
CVE-2019-1003068 | Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003068 |
CVE-2019-1003069 | Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003069 |
CVE-2019-1003070 | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003070 |
CVE-2019-1003071 | Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003071 |
CVE-2019-1003072 | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003072 |
CVE-2019-1003073 | Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003073 |
CVE-2019-1003074 | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003074 |
CVE-2019-1003075 | Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003075 |
CVE-2019-10277 | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10277 |
CVE-2019-10280 | Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10280 |
CVE-2019-10281 | Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10281 |
CVE-2019-10282 | Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10282 |
CVE-2019-10283 | Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10283 |
CVE-2019-10284 | Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10284 |
CVE-2019-10285 | Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10285 |
CVE-2019-10286 | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10286 |
CVE-2019-10287 | Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10287 |
CVE-2019-10288 | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10288 |
CVE-2019-10291 | Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10291 |
CVE-2019-10294 | Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10294 |
CVE-2019-10295 | Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10295 |
CVE-2019-10296 | Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10296 |
CVE-2019-10297 | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10297 |
CVE-2019-10298 | Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10298 |
CVE-2019-10299 | Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10299 |
CVE-2019-10301 | A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10301 |
CVE-2019-10302 | Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10302 |
CVE-2019-10303 | Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10303 |
CVE-2019-10310 | A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10310 |
CVE-2019-10311 | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10311 |
CVE-2019-10313 | Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10313 |
CVE-2019-10315 | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10315 |
CVE-2019-10316 | Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10316 |
CVE-2019-10318 | Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10318 |
CVE-2019-10329 | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10329 |
CVE-2019-10338 | A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10338 |
CVE-2019-10339 | A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10339 |
CVE-2019-10340 | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10340 |
CVE-2019-10347 | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10347 |
CVE-2019-10348 | Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10348 |
CVE-2019-10350 | Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10350 |
CVE-2019-10351 | Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10351 |
CVE-2019-10355 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10355 |
CVE-2019-10356 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10356 |
CVE-2019-10368 | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10368 |
CVE-2019-10380 | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10380 |
CVE-2019-10386 | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10386 |
CVE-2019-10384 | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10384 |
CVE-2019-10390 | A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10390 |
CVE-2019-10392 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10392 |
CVE-2019-10437 | A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10437 |
CVE-2019-10440 | Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10440 |
CVE-2019-10443 | Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10443 |
CVE-2019-10448 | Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10448 |
CVE-2019-10449 | Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10449 |
CVE-2019-10464 | A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10464 |
CVE-2019-10468 | A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10468 |
CVE-2019-10471 | A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10471 |
CVE-2019-16538 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16538 |
CVE-2019-16544 | Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16544 |
CVE-2019-16548 | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16548 |
CVE-2019-16550 | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16550 |
CVE-2019-16551 | A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16551 |
CVE-2019-16553 | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16553 |
CVE-2019-16560 | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16560 |
CVE-2019-16565 | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16565 |
CVE-2019-16570 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16570 |
CVE-2019-16573 | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16573 |
CVE-2019-16575 | A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16575 |
CVE-2020-2090 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2090 |
CVE-2020-2092 | Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2092 |
CVE-2020-2093 | A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2093 |
CVE-2020-2097 | Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2097 |
CVE-2020-2098 | A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2098 |
CVE-2020-2109 | Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2109 |
CVE-2020-2110 | Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2110 |
CVE-2020-2115 | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2115 |
CVE-2020-2116 | A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2116 |
CVE-2020-2120 | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2120 |
CVE-2020-2121 | Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2121 |
CVE-2020-2123 | Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2123 |
CVE-2020-2134 | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2134 |
CVE-2020-2135 | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2135 |
CVE-2020-2158 | Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2158 |
CVE-2020-2159 | Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2159 |
CVE-2020-2160 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2160 |
CVE-2020-2166 | Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2166 |
CVE-2020-2167 | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2167 |
CVE-2020-2168 | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2168 |
CVE-2020-2171 | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2171 |
CVE-2020-2179 | Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2179 |
CVE-2020-2180 | Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2180 |
CVE-2020-2189 | Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2189 |
CVE-2020-2200 | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2200 |
CVE-2020-2211 | Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2211 |
CVE-2020-2228 | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2228 |
CVE-2020-2240 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2240 |
CVE-2020-2241 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2241 |
CVE-2020-2261 | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2261 |
CVE-2020-2268 | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2268 |
CVE-2020-2276 | Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2276 |
CVE-2020-2280 | A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2280 |
CVE-2020-2286 | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2286 |
CVE-2021-21617 | A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21617 |
CVE-2021-21627 | A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21627 |
CVE-2021-21629 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21629 |
CVE-2021-21633 | A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21633 |
CVE-2021-21638 | A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21638 |
CVE-2021-21646 | Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21646 |
CVE-2021-21657 | Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21657 |
CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30560 |
CVE-2021-21677 | Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21677 |
CVE-2021-21678 | Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21678 |
CVE-2021-21679 | Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21679 |
CVE-2021-21695 | FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21695 |
CVE-2022-20617 | Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20617 |
CVE-2022-23118 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23118 |
CVE-2022-25173 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25173 |
CVE-2022-25174 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25174 |
CVE-2022-25175 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25175 |
CVE-2022-25181 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25181 |
CVE-2022-25182 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25182 |
CVE-2022-25183 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25183 |
CVE-2022-25192 | A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25192 |
CVE-2022-25194 | A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25194 |
CVE-2022-25198 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25198 |
CVE-2022-25199 | A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25199 |
CVE-2022-25200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25200 |
CVE-2022-25205 | A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25205 |
CVE-2022-25206 | A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25206 |
CVE-2022-25207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25207 |
CVE-2022-25208 | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25208 |
CVE-2022-25209 | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25209 |
CVE-2022-25211 | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25211 |
CVE-2022-25212 | A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25212 |
CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27204 |
CVE-2022-26183 | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26183 |
CVE-2022-28136 | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28136 |
CVE-2022-28150 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28150 |
CVE-2022-22934 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22934 |
CVE-2022-22936 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22936 |
CVE-2022-22941 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22941 |
CVE-2022-29050 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29050 |
CVE-2022-30950 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30950 |
CVE-2022-30951 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30951 |
CVE-2022-30958 | A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30958 |
CVE-2022-30969 | A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30969 |
CVE-2022-30971 | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30971 |
CVE-2022-30972 | A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30972 |
CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29450 |
CVE-2022-22967 | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22967 |
CVE-2022-34200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34200 |
CVE-2022-34203 | A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34203 |
CVE-2022-34134 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34134 |
CVE-2022-34793 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34793 |
CVE-2022-30550 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30550 |
CVE-2022-36882 | A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36882 |
CVE-2022-36889 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36889 |
CVE-2022-36920 | A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36920 |
CVE-2022-41227 | A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41227 |
CVE-2022-41228 | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41228 |
CVE-2022-41234 | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41234 |
CVE-2022-41236 | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41236 |
CVE-2022-41245 | A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41245 |
CVE-2022-41249 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41249 |
CVE-2022-41253 | A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41253 |
CVE-2022-43407 | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43407 |
CVE-2022-43416 | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43416 |
CVE-2022-42344 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42344 |
CVE-2022-39016 | \nJavascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39016 |
CVE-2022-40291 | \nThe application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40291 |
CVE-2022-40294 | \nThe application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40294 |
CVE-2022-41775 | SQL Injection in \n\n\n\n\n\n\n\nHandler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41775 |
CVE-2022-43447 | SQL Injection in \n\n\n\n\n\n\n\n\n\nAM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43447 |
CVE-2022-43452 | SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\n\n\nFtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43452 |
CVE-2022-43457 | SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\nHandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43457 |
CVE-2022-43506 | SQL Injection in \n\n\n\nHandlerTag_KID.ashx\n\n\n\nin Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43506 |
CVE-2023-0052 | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0052 |
CVE-2023-24432 | A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24432 |
CVE-2023-24434 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24434 |
CVE-2023-0493 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0493 |
CVE-2023-0696 | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0696 |
CVE-2023-0698 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0698 |
CVE-2023-0699 | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0699 |
CVE-2023-0701 | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0701 |
CVE-2023-0702 | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0702 |
CVE-2023-0703 | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0703 |
CVE-2023-22935 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22935 |
CVE-2023-22939 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22939 |
CVE-2023-25767 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25767 |
CVE-2023-0903 | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0903 |
CVE-2022-46836 | PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46836 |
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0927 |
CVE-2023-0928 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0928 |
CVE-2023-1647 | Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1647 |
CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29842 |
CVE-2023-32707 | In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32707 |
CVE-2023-24018 | A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24018 |
CVE-2023-4352 | Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4352 |
CVE-2023-4429 | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4429 |
CVE-2023-4430 | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4430 |
CVE-2023-4572 | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4572 |
CVE-2023-4746 | A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4746 |
CVE-2023-4762 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4762 |
CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4585 |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5002 |
CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35074 |
CVE-2023-43192 | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43192 |
CVE-2023-2681 | An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2681 |
CVE-2023-45160 | \nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094 \n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. v9.0 Mac client release is still pending. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45160 |
CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43641 |
CVE-2023-38218 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38218 |
CVE-2023-43118 | Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43118 |
CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5626 |
CVE-2023-37502 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37502 |
CVE-2023-46229 | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46229 |
CVE-2022-25333 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25333 |
CVE-2022-25334 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25334 |
CVE-2022-26941 | A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26941 |
CVE-2022-26943 | The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26943 |
CVE-2023-35180 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35180 |
CVE-2023-35186 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35186 |
CVE-2023-41089 | \n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.\n\n\n\n\n\n\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41089 |
CVE-2023-42435 | \n\n\n\n\nThe affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.\n\n\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42435 |
CVE-2023-40145 | \n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40145 |
CVE-2023-44385 | The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44385 |
CVE-2020-36698 | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36698 |
CVE-2023-4920 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4920 |
CVE-2021-4334 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4334 |
CVE-2022-2441 | The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2441 |
CVE-2022-3342 | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3342 |
CVE-2022-4290 | The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4290 |
CVE-2023-4999 | The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4999 |
CVE-2023-5602 | The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5602 |
CVE-2023-23373 | An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23373 |
CVE-2023-5686 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5686 |
CVE-2023-5687 | Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5687 |
CVE-2023-5690 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5690 |
CVE-2023-46117 | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46117 |
CVE-2023-45664 | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45664 |
CVE-2023-38190 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38190 |
CVE-2023-38193 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38193 |
CVE-2023-46055 | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46055 |
CVE-2023-46067 | Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46067 |
CVE-2023-46078 | Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46078 |
CVE-2023-46085 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46085 |
CVE-2023-46089 | Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46089 |
CVE-2023-46095 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46095 |
CVE-2023-5246 | Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5246 |
CVE-2023-42295 | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42295 |
CVE-2023-33839 | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33839 |
CVE-2023-46602 | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46602 |
CVE-2022-38484 | An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38484 |
CVE-2023-26578 | Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26578 |
CVE-2023-37909 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37909 |
CVE-2023-37912 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37912 |
CVE-2023-5802 | Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5802 |
CVE-2023-46449 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46449 |
CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46748 |
CVE-2023-40129 | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40129 |
CVE-2020-2099 | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2099 |
CVE-2023-4571 | In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4571 |
CVE-2023-43345 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-43345 |
CVE-2022-30945 | Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30945 |
CVE-2023-22102 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22102 |
CVE-2019-10446 | Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-10446 |
CVE-2019-16558 | Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-16558 |
CVE-2022-36899 | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36899 |
CVE-2022-36900 | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36900 |
CVE-2023-34441 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a cleartext transmission vulnerability which could allow an attacker to \n\nsteal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.\n\n | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-34441 |
CVE-2022-26942 | The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26942 |
CVE-2022-27813 | Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27813 |
CVE-2023-39732 | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39732 |
CVE-2023-39733 | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39733 |
CVE-2023-39734 | The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39734 |
CVE-2023-39735 | The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39735 |
CVE-2023-39736 | The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39736 |
CVE-2023-39737 | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39737 |
CVE-2023-39739 | The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39739 |
CVE-2023-39740 | The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39740 |
CVE-2019-1003011 | An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003011 |
CVE-2019-1003049 | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003049 |
CVE-2019-10327 | An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10327 |
CVE-2019-10462 | A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10462 |
CVE-2019-10466 | An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10466 |
CVE-2019-16549 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16549 |
CVE-2020-2091 | A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2091 |
CVE-2020-2321 | A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2321 |
CVE-2021-21642 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21642 |
CVE-2021-21659 | Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21659 |
CVE-2021-21686 | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21686 |
CVE-2021-43578 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43578 |
CVE-2022-23107 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23107 |
CVE-2022-28140 | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28140 |
CVE-2022-28154 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28154 |
CVE-2022-28155 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28155 |
CVE-2022-36881 | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36881 |
CVE-2022-36921 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36921 |
CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32293 |
CVE-2022-41243 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41243 |
CVE-2022-41244 | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41244 |
CVE-2022-3708 | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3708 |
CVE-2022-3979 | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3979 |
CVE-2022-45381 | Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45381 |
CVE-2023-4428 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4428 |
CVE-2023-4761 | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4761 |
CVE-2023-41915 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41915 |
CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
CVE-2023-44154 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44154 |
CVE-2023-5212 | The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5212 |
CVE-2023-5241 | The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5241 |
CVE-2022-24401 | Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24401 |
CVE-2023-27791 | An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27791 |
CVE-2020-36714 | The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36714 |
CVE-2023-4386 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4386 |
CVE-2023-45662 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45662 |
CVE-2023-37910 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37910 |
CVE-2019-10300 | A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10300 |
CVE-2020-2196 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2196 |
CVE-2021-21604 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21604 |
CVE-2021-21605 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21605 |
CVE-2021-21665 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21665 |
CVE-2022-27198 | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27198 |
CVE-2022-34792 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34792 |
CVE-2022-36916 | A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36916 |
CVE-2022-41232 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41232 |
CVE-2020-36650 | A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36650 |
CVE-2023-22934 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22934 |
CVE-2019-1003038 | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003038 |
CVE-2019-1003048 | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003048 |
CVE-2019-10453 | Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10453 |
CVE-2019-10460 | Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10460 |
CVE-2019-10461 | Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10461 |
CVE-2019-10476 | Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10476 |
CVE-2020-15862 | Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15862 |
CVE-2020-28243 | An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28243 |
CVE-2021-31607 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31607 |
CVE-2022-23220 | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23220 |
CVE-2022-1215 | A format string vulnerability was found in libinput | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1215 |
CVE-2021-44862 | Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44862 |
CVE-2022-47909 | Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47909 |
CVE-2022-48321 | Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48321 |
CVE-2023-1646 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1646 |
CVE-2023-2241 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2241 |
CVE-2023-3111 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3111 |
CVE-2023-32434 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32434 |
CVE-2023-3090 | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3090 |
CVE-2023-3389 | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3389 |
CVE-2023-3609 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3609 |
CVE-2023-3611 | An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3611 |
CVE-2023-3776 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3776 |
CVE-2023-3997 | Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3997 |
CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004 |
CVE-2023-4128 | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4128 |
CVE-2023-4734 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4734 |
CVE-2023-4735 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4735 |
CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4736 |
CVE-2023-4738 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4738 |
CVE-2023-4751 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4751 |
CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4733 |
CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4750 |
CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4752 |
CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4781 |
CVE-2023-4623 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4623 |
CVE-2023-4921 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4921 |
CVE-2023-34319 | The fix for XSA-423 added logic to Linux'es netback driver to deal with\na frontend splitting a packet in a way such that not all of the headers\nwould come in one piece. Unfortunately the logic introduced there\ndidn't account for the extreme case of the entire packet being split\ninto as many pieces as permitted by the protocol, yet still being\nsmaller than the area that's specially dealt with to keep all (possible)\nheaders together. Such an unusual packet would therefore trigger a\nbuffer overrun in the driver.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34319 |
CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42753 |
CVE-2023-37605 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37605 |
CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42824 |
CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43896 |
CVE-2023-44824 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44824 |
CVE-2023-20598 | \n\n\nAn improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20598 |
CVE-2023-45811 | Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45811 |
CVE-2023-43250 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43250 |
CVE-2023-46009 | gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46009 |
CVE-2023-26300 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26300 |
CVE-2023-43802 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43802 |
CVE-2023-43800 | Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43800 |
CVE-2023-46228 | zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46228 |
CVE-2023-43252 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43252 |
CVE-2023-45883 | A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45883 |
CVE-2023-35181 | The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35181 |
CVE-2023-35183 | The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35183 |
CVE-2023-43251 | XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43251 |
CVE-2023-35126 | An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35126 |
CVE-2023-34366 | A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34366 |
CVE-2023-35986 | \nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35986 |
CVE-2023-38127 | An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38127 |
CVE-2023-38128 | An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38128 |
CVE-2023-39431 | \n\n\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39431 |
CVE-2023-5059 | \n\n\n\n\nSantesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5059 |
CVE-2023-27792 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27792 |
CVE-2023-27793 | An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27793 |
CVE-2023-27795 | An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27795 |
CVE-2023-30132 | An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30132 |
CVE-2023-41898 | Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41898 |
CVE-2023-34052 | VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34052 |
CVE-2023-46277 | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46277 |
CVE-2023-40361 | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40361 |
CVE-2023-5523 | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution \n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5523 |
CVE-2023-34045 | VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during \ninstallation for the first time (the user needs to drag or copy the \napplication to a folder from the '.dmg' volume) or when installing an \nupgrade. A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34045 |
CVE-2023-3487 | \nAn integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3487 |
CVE-2023-45805 | pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45805 |
CVE-2023-45675 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45675 |
CVE-2023-45676 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45676 |
CVE-2023-45677 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45677 |
CVE-2023-45678 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45678 |
CVE-2023-45679 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45679 |
CVE-2023-45681 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45681 |
CVE-2021-26735 | The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26735 |
CVE-2021-26736 | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26736 |
CVE-2021-26738 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26738 |
CVE-2023-28793 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28793 |
CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28795 |
CVE-2023-28796 | \nImproper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28796 |
CVE-2023-43066 | \nDell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43066 |
CVE-2023-46603 | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46603 |
CVE-2022-3699 | \nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3699 |
CVE-2023-3112 | A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3112 |
CVE-2023-45555 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45555 |
CVE-2023-40116 | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40116 |
CVE-2023-40117 | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40117 |
CVE-2023-40120 | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40120 |
CVE-2023-40125 | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40125 |
CVE-2023-40128 | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40128 |
CVE-2023-40130 | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40130 |
CVE-2023-46468 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46468 |
CVE-2020-2108 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2108 |
CVE-2019-1003043 | A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003043 |
CVE-2019-10330 | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10330 |
CVE-2019-10337 | An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10337 |
CVE-2019-10353 | CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10353 |
CVE-2019-10371 | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10371 |
CVE-2019-10381 | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10381 |
CVE-2019-10411 | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10411 |
CVE-2019-10412 | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10412 |
CVE-2019-10428 | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10428 |
CVE-2019-10434 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10434 |
CVE-2019-10435 | Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10435 |
CVE-2020-2114 | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2114 |
CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2165 |
CVE-2020-2232 | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2232 |
CVE-2020-25648 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25648 |
CVE-2020-2322 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2322 |
CVE-2020-2324 | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2324 |
CVE-2021-21671 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21671 |
CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21996 |
CVE-2021-21688 | The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21688 |
CVE-2021-21698 | Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21698 |
CVE-2021-4104 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4104 |
CVE-2022-23116 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23116 |
CVE-2022-23117 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23117 |
CVE-2022-23098 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23098 |
CVE-2022-0538 | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0538 |
CVE-2022-28142 | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28142 |
CVE-2022-29534 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29534 |
CVE-2022-30947 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30947 |
CVE-2022-30948 | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30948 |
CVE-2022-34174 | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34174 |
CVE-2022-34175 | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34175 |
CVE-2022-34177 | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34177 |
CVE-2022-34179 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34179 |
CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34180 |
CVE-2022-36883 | A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36883 |
CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40146 |
CVE-2022-43415 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43415 |
CVE-2022-43429 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43429 |
CVE-2022-43430 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43430 |
CVE-2022-39018 | \nBroken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39018 |
CVE-2022-39019 | \nBroken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39019 |
CVE-2022-3059 | \nThe application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3059 |
CVE-2022-38666 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38666 |
CVE-2022-45379 | Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45379 |
CVE-2022-45385 | A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45385 |
CVE-2022-45388 | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45388 |
CVE-2022-45391 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45391 |
CVE-2022-36785 | \nD-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.\n*Information Disclosure – \nfile contains a URL with private IP at line 15 "login.asp" A. The\nwindow.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ;\n"admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at \n\n*Authorization Bypass – \nURL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36785 |
CVE-2022-30122 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30122 |
CVE-2022-4869 | A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4869 |
CVE-2022-4879 | A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4879 |
CVE-2018-25074 | A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25074 |
CVE-2018-25079 | A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25079 |
CVE-2023-0705 | Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0705 |
CVE-2019-25102 | A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25102 |
CVE-2019-25103 | A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25103 |
CVE-2023-22941 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22941 |
CVE-2019-25104 | A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The identifier of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-25104 |
CVE-2023-0053 | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0053 |
CVE-2023-27857 | \n In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\n\n\n\n in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\n\n\n\n \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27857 |
CVE-2023-31490 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31490 |
CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32067 |
CVE-2023-37307 | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37307 |
CVE-2023-3635 | GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 |
CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38403 |
CVE-2023-39533 | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39533 |
CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3823 |
CVE-2023-41358 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41358 |
CVE-2023-38802 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38802 |
CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20900 |
CVE-2023-41909 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41909 |
CVE-2023-20191 | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20191 |
CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43783 |
CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3223 |
CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43615 |
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
CVE-2023-4966 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. \n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4966 |
CVE-2020-27213 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27213 |
CVE-2023-36478 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to\nexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295\nwill overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36478 |
CVE-2023-39325 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
CVE-2023-43121 | A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43121 |
CVE-2023-45810 | OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45810 |
CVE-2023-5552 | A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5552 |
CVE-2023-38552 | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38552 |
CVE-2023-39331 | A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39331 |
CVE-2023-42319 | Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42319 |
CVE-2023-5632 | In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5632 |
CVE-2023-45727 | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45727 |
CVE-2023-45383 | In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45383 |
CVE-2023-30911 | HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30911 |
CVE-2023-45912 | WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45912 |
CVE-2023-35656 | In multiple functions of protocolembmsadapter.cpp, there is a possible out\n of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35656 |
CVE-2023-35663 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read\n due to a missing bounds check. This could lead to remote information\n disclosure with no additional execution privileges needed. User interaction\n is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35663 |
CVE-2023-45813 | Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45813 |
CVE-2023-45812 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is sent. When users send queries to the router that uses the `@defer` or Subscriptions, the Router will panic. To be vulnerable, users of Router must have a coprocessor with `coprocessor.supergraph.response` configured in their `router.yaml` and also to support either `@defer` or Subscriptions. Apollo Router version 1.33.0 has a fix for this vulnerability which was introduced in PR #4014. Users are advised to upgrade. Users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support and continue to use the coprocessor supergraph response. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45812 |
CVE-2023-34437 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34437 |
CVE-2023-5204 | The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5204 |
CVE-2022-24402 | The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24402 |
CVE-2022-24404 | Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24404 |
CVE-2023-46227 | \nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.\n\nThis issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \\t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8814 \n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46227 |
CVE-2023-45277 | Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45277 |
CVE-2023-45823 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45823 |
CVE-2023-44690 | Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44690 |
CVE-2023-4668 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4668 |
CVE-2023-32786 | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32786 |
CVE-2023-45667 | stb_image is a single file MIT licensed library for processing images.\n\nIf `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45667 |
CVE-2023-5132 | The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5132 |
CVE-2023-38275 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38275 |
CVE-2023-38276 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38276 |
CVE-2023-46298 | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46298 |
CVE-2023-46303 | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46303 |
CVE-2023-46315 | The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46315 |
CVE-2023-46319 | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46319 |
CVE-2023-46324 | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46324 |
CVE-2023-31122 | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31122 |
CVE-2023-43074 | \nDell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43074 |
CVE-2023-43045 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43045 |
CVE-2023-33837 | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33837 |
CVE-2023-45966 | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45966 |
CVE-2023-33517 | carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33517 |
CVE-2023-26570 | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26570 |
CVE-2023-26571 | Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26571 |
CVE-2023-26574 | Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26574 |
CVE-2023-26575 | Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26575 |
CVE-2023-26576 | Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26576 |
CVE-2023-26580 | Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26580 |
CVE-2023-27257 | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27257 |
CVE-2023-27258 | Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27258 |
CVE-2023-27259 | Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27259 |
CVE-2023-27375 | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27375 |
CVE-2023-27376 | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27376 |
CVE-2023-27377 | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27377 |
CVE-2023-31582 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31582 |
CVE-2023-39219 | PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39219 |
CVE-2023-39619 | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39619 |
CVE-2023-5570 | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5570 |
CVE-2023-5443 | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5443 |
CVE-2019-1003009 | An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003009 |
CVE-2020-2146 | Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2146 |
CVE-2020-35662 | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-35662 |
CVE-2021-43809 | `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.\n\nTo exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside.\n\nThis vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43809 |
CVE-2022-36069 | Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36069 |
CVE-2023-36673 | An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36673 |
CVE-2023-5524 | Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\n\n via specific file types\n\n | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5524 |
CVE-2023-28797 | Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28797 |
CVE-2019-1003003 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003003 |
CVE-2019-1003004 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003004 |
CVE-2022-39179 | \nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-39179 |
CVE-2022-4871 | A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The patch is identified as dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-4871 |
CVE-2018-25067 | A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-25067 |
CVE-2023-2744 | The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2744 |
CVE-2023-25097 | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25097 |
CVE-2023-23842 | The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23842 |
CVE-2023-46004 | Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-46004 |
CVE-2023-35185 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-35185 |
CVE-2023-41899 | Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-41899 |
CVE-2023-5414 | The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5414 |
CVE-2023-5681 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5681 |
CVE-2023-20273 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20273 |
CVE-2019-1003044 | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003044 |
CVE-2019-16561 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16561 |
CVE-2020-2138 | Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2138 |
CVE-2020-2144 | Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2144 |
CVE-2020-2178 | Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2178 |
CVE-2020-2245 | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2245 |
CVE-2020-2284 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2284 |
CVE-2021-21652 | A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21652 |
CVE-2021-21655 | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21655 |
CVE-2021-21656 | Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21656 |
CVE-2021-21680 | Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21680 |
CVE-2021-43577 | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43577 |
CVE-2022-20619 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20619 |
CVE-2023-29030 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29030 |
CVE-2023-29031 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29031 |
CVE-2023-3141 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3141 |
CVE-2023-3268 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3268 |
CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
CVE-2022-44729 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-44729 |
CVE-2023-43803 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43803 |
CVE-2023-43801 | Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP DELETE request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43801 |
CVE-2023-45661 | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45661 |
CVE-2023-45682 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45682 |
CVE-2023-46122 | sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46122 |
CVE-2023-35823 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35823 |
CVE-2023-35824 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35824 |
CVE-2023-4244 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nDue to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4244 |
CVE-2023-4622 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4622 |
CVE-2023-20135 | A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20135 |
CVE-2023-34046 | VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) \nvulnerability that occurs during installation for the first time (the \nuser needs to drag or copy the application to a folder from the '.dmg' \nvolume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-34046 |
CVE-2023-38041 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38041 |
CVE-2023-40131 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-40131 |
CVE-2023-21400 | In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21400 |
CVE-2023-30562 | A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. \n\n\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-30562 |
CVE-2023-4273 | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4273 |
CVE-2023-43776 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-43776 |
CVE-2019-1003012 | A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003012 |
CVE-2019-1003022 | A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003022 |
CVE-2019-1003037 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003037 |
CVE-2019-1003045 | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003045 |
CVE-2019-1003046 | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003046 |
CVE-2019-1003047 | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003047 |
CVE-2019-1003058 | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003058 |
CVE-2019-1003059 | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003059 |
CVE-2019-1003076 | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003076 |
CVE-2019-1003077 | A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003077 |
CVE-2019-1003078 | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003078 |
CVE-2019-1003079 | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003079 |
CVE-2019-1003080 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003080 |
CVE-2019-1003081 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003081 |
CVE-2019-1003082 | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003082 |
CVE-2019-1003083 | A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003083 |
CVE-2019-1003084 | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003084 |
CVE-2019-1003085 | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003085 |
CVE-2019-1003086 | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003086 |
CVE-2019-1003087 | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003087 |
CVE-2019-1003088 | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003088 |
CVE-2019-1003089 | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003089 |
CVE-2019-1003090 | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003090 |
CVE-2019-1003091 | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003091 |
CVE-2019-1003092 | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003092 |
CVE-2019-1003093 | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003093 |
CVE-2019-1003094 | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003094 |
CVE-2019-1003095 | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003095 |
CVE-2019-1003096 | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003096 |
CVE-2019-1003097 | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003097 |
CVE-2019-1003098 | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003098 |
CVE-2019-1003099 | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003099 |
CVE-2019-10278 | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10278 |
CVE-2019-10279 | A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10279 |
CVE-2019-10289 | A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10289 |
CVE-2019-10290 | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10290 |
CVE-2019-10292 | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10292 |
CVE-2019-10293 | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10293 |
CVE-2019-10304 | A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10304 |
CVE-2019-10305 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10305 |
CVE-2019-10307 | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10307 |
CVE-2019-10308 | A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10308 |
CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10324 |
CVE-2019-10334 | Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10334 |
CVE-2019-10341 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10341 |
CVE-2019-10352 | A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10352 |
CVE-2019-10358 | Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10358 |
CVE-2019-10366 | Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10366 |
CVE-2019-10369 | A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10369 |
CVE-2019-10370 | Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10370 |
CVE-2019-10375 | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10375 |
CVE-2019-10379 | Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10379 |
CVE-2019-10382 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10382 |
CVE-2019-10385 | Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10385 |
CVE-2019-10387 | A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10387 |
CVE-2019-10391 | Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10391 |
CVE-2019-10407 | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10407 |
CVE-2019-10413 | Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10413 |
CVE-2019-10414 | Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10414 |
CVE-2019-10415 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10415 |
CVE-2019-10416 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10416 |
CVE-2019-10422 | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10422 |
CVE-2019-10425 | Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10425 |
CVE-2019-10436 | An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10436 |
CVE-2019-10438 | A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10438 |
CVE-2019-10444 | Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10444 |
CVE-2019-10459 | Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10459 |
CVE-2019-10463 | A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10463 |
CVE-2019-10467 | Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10467 |
CVE-2019-10469 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10469 |
CVE-2019-10470 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10470 |
CVE-2019-10472 | A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10472 |
CVE-2019-16539 | A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16539 |
CVE-2019-16540 | A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16540 |
CVE-2019-16542 | Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16542 |
CVE-2019-16545 | Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16545 |
CVE-2019-16555 | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16555 |
CVE-2019-16556 | Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16556 |
CVE-2019-16557 | Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16557 |
CVE-2019-16566 | A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16566 |
CVE-2019-16574 | A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16574 |
CVE-2019-16576 | A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16576 |
CVE-2020-2129 | Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2129 |
CVE-2020-2130 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2130 |
CVE-2020-2131 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2131 |
CVE-2020-2132 | Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2132 |
CVE-2020-2133 | Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2133 |
CVE-2020-2139 | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2139 |
CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2164 |
CVE-2020-2172 | Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2172 |
CVE-2020-2181 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2181 |
CVE-2020-2183 | Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2183 |
CVE-2020-2192 | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2192 |
CVE-2020-2198 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2198 |
CVE-2020-2233 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2233 |
CVE-2020-2234 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2234 |
CVE-2020-2235 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2235 |
CVE-2020-2242 | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2242 |
CVE-2020-2247 | Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2247 |
CVE-2020-2250 | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2250 |
CVE-2020-2254 | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2254 |
CVE-2020-2275 | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2275 |
CVE-2020-2277 | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2277 |
CVE-2020-2278 | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2278 |
CVE-2020-2293 | Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2293 |
CVE-2020-2294 | Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2294 |
CVE-2020-2295 | A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2295 |
CVE-2020-2298 | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2298 |
CVE-2020-2304 | Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2304 |
CVE-2020-2305 | Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2305 |
CVE-2020-2312 | Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2312 |
CVE-2020-2315 | Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2315 |
CVE-2020-2318 | Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2318 |
CVE-2020-2319 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2319 |
CVE-2021-21602 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21602 |
CVE-2021-21607 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21607 |
CVE-2021-21623 | An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21623 |
CVE-2021-21632 | A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21632 |
CVE-2021-21634 | Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21634 |
CVE-2021-21637 | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21637 |
CVE-2021-21643 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21643 |
CVE-2021-21664 | An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21664 |
CVE-2021-21675 | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21675 |
CVE-2021-21683 | The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21683 |
CVE-2021-21701 | Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21701 |
CVE-2021-43576 | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43576 |
CVE-2022-23105 | Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23105 |
CVE-2022-23109 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23109 |
CVE-2022-23112 | A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23112 |
CVE-2022-25176 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25176 |
CVE-2022-25177 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25177 |
CVE-2022-25178 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25178 |
CVE-2022-25179 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25179 |
CVE-2022-25184 | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25184 |
CVE-2022-25186 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25186 |
CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25187 |
CVE-2022-25193 | Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25193 |
CVE-2022-25197 | Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25197 |
CVE-2022-25201 | Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25201 |
CVE-2022-25210 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25210 |
CVE-2022-27201 | Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27201 |
CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27203 |
CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27206 |
CVE-2022-27208 | Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27208 |
CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27209 |
CVE-2022-27210 | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27210 |
CVE-2022-27211 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27211 |
CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27216 |
CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27217 |
CVE-2022-28135 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28135 |
CVE-2022-28141 | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28141 |
CVE-2022-28143 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28143 |
CVE-2022-28144 | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28144 |
CVE-2022-28146 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28146 |
CVE-2022-28148 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28148 |
CVE-2022-28156 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28156 |
CVE-2022-28157 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28157 |
CVE-2022-28158 | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28158 |
CVE-2022-28160 | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28160 |
CVE-2022-30952 | Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30952 |
CVE-2022-30953 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30953 |
CVE-2022-30954 | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30954 |
CVE-2022-30955 | Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30955 |
CVE-2022-30959 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30959 |
CVE-2022-34199 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34199 |
CVE-2022-34201 | A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34201 |
CVE-2022-34202 | Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34202 |
CVE-2022-34205 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34205 |
CVE-2022-34207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34207 |
CVE-2022-34209 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34209 |
CVE-2022-34210 | A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34210 |
CVE-2022-34211 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34211 |
CVE-2022-34213 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34213 |
CVE-2022-34779 | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34779 |
CVE-2022-34780 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34780 |
CVE-2022-34781 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34781 |
CVE-2022-34789 | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34789 |
CVE-2022-34794 | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34794 |
CVE-2022-34805 | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34805 |
CVE-2022-34806 | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34806 |
CVE-2022-34807 | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34807 |
CVE-2022-34809 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34809 |
CVE-2022-34810 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34810 |
CVE-2022-34816 | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34816 |
CVE-2022-36888 | A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36888 |
CVE-2022-36894 | An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36894 |
CVE-2022-36896 | A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36896 |
CVE-2022-36901 | Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36901 |
CVE-2022-36906 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36906 |
CVE-2022-36907 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36907 |
CVE-2022-36908 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36908 |
CVE-2022-36909 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36909 |
CVE-2022-36911 | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36911 |
CVE-2022-38663 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38663 |
CVE-2022-38665 | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38665 |
CVE-2022-41246 | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41246 |
CVE-2022-41250 | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41250 |
CVE-2022-41254 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41254 |
CVE-2022-41255 | Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41255 |
CVE-2022-43408 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43408 |
CVE-2022-43419 | Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43419 |
CVE-2022-45383 | An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45383 |
CVE-2022-45384 | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45384 |
CVE-2022-45392 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45392 |
CVE-2023-24433 | Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24433 |
CVE-2023-24435 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24435 |
CVE-2023-0697 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0697 |
CVE-2023-0700 | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0700 |
CVE-2023-0704 | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0704 |
CVE-2023-0003 | A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0003 |
CVE-2023-25768 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25768 |
CVE-2023-0004 | A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0004 |
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2307 |
CVE-2023-29024 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nA cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29024 |
CVE-2023-31147 | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31147 |
CVE-2023-2650 | Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2650 |
CVE-2023-3338 | A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3338 |
CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4527 |
CVE-2023-44249 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44249 |
CVE-2023-43777 | Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43777 |
CVE-2023-22059 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22059 |
CVE-2023-22079 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22079 |
CVE-2023-22095 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22095 |
CVE-2023-35083 | Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35083 |
CVE-2023-20261 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system.\r\n\r This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20261 |
CVE-2023-36857 | \n\n\nBaker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains a replay vulnerability which could allow an attacker to \n\n\n\nreplay older captured packets of traffic to the device to gain access.\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36857 |
CVE-2023-37504 | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37504 |
CVE-2023-5336 | The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5336 |
CVE-2023-25753 | \nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 .\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25753 |
CVE-2023-31046 | A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31046 |
CVE-2023-5654 | The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5654 |
CVE-2023-41088 | \n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.\n\n\n\n\n\n\n\n\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41088 |
CVE-2023-45820 | Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45820 |
CVE-2023-45826 | Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45826 |
CVE-2023-4274 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4274 |
CVE-2023-4598 | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4598 |
CVE-2023-5070 | The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5070 |
CVE-2023-44256 | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44256 |
CVE-2023-44483 | All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44483 |
CVE-2023-38735 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38735 |
CVE-2021-46897 | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46897 |
CVE-2023-28803 | An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28803 |
CVE-2023-43067 | \nDell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43067 |
CVE-2022-38485 | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38485 |
CVE-2023-27261 | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27261 |
CVE-2023-37911 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37911 |
CVE-2023-39231 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39231 |
CVE-2023-43281 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43281 |
CVE-2023-31130 | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.\n | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31130 |
CVE-2019-10359 | A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10359 |
CVE-2023-36671 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36671 |
CVE-2023-45821 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. <https://artifacthub.io/> uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45821 |
CVE-2021-4335 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4335 |
CVE-2019-1003023 | A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003023 |
CVE-2019-10336 | A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10336 |
CVE-2019-10346 | A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10346 |
CVE-2019-10372 | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10372 |
CVE-2019-10376 | A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10376 |
CVE-2016-10893 | The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10893 |
CVE-2019-10475 | A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10475 |
CVE-2020-2096 | Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2096 |
CVE-2020-2140 | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2140 |
CVE-2020-2152 | Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2152 |
CVE-2020-2169 | A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2169 |
CVE-2020-2174 | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2174 |
CVE-2020-2199 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2199 |
CVE-2020-2206 | Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2206 |
CVE-2020-2207 | Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2207 |
CVE-2020-2217 | Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2217 |
CVE-2020-2248 | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2248 |
CVE-2021-21610 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21610 |
CVE-2021-21613 | Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21613 |
CVE-2021-21648 | Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21648 |
CVE-2021-21666 | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21666 |
CVE-2021-21673 | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21673 |
CVE-2021-21684 | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21684 |
CVE-2022-24227 | A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24227 |
CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25321 |
CVE-2022-29533 | An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29533 |
CVE-2022-34170 | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34170 |
CVE-2022-34171 | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34171 |
CVE-2022-34172 | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34172 |
CVE-2022-34173 | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34173 |
CVE-2022-34178 | Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34178 |
CVE-2022-34182 | Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34182 |
CVE-2022-34133 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34133 |
CVE-2022-36922 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36922 |
CVE-2022-2518 | The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2518 |
CVE-2022-39020 | \nMultiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39020 |
CVE-2022-40290 | \nThe application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40290 |
CVE-2022-33322 | Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-33322 |
CVE-2022-39181 | \nGLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).\nType 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in\nthe HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a\nvulnerable web application, which is then reflected back to the victim and executed by the web browser. The most\ncommon mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby\nan attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content\nback to the victim, the content is executed by the victim's browser. \n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39181 |
CVE-2022-47928 | In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47928 |
CVE-2022-4859 | A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4859 |
CVE-2019-25094 | A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The identifier of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25094 |
CVE-2022-4875 | A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4875 |
CVE-2022-4876 | A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4876 |
CVE-2019-25095 | A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25095 |
CVE-2019-25096 | A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The patch is named b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-25096 |
CVE-2018-25064 | A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25064 |
CVE-2018-25065 | A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25065 |
CVE-2021-4309 | A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4309 |
CVE-2021-4310 | A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4310 |
CVE-2018-25073 | A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25073 |
CVE-2023-24070 | app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24070 |
CVE-2022-48118 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48118 |
CVE-2018-25080 | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25080 |
CVE-2023-0748 | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0748 |
CVE-2023-22932 | In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22932 |
CVE-2023-22933 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22933 |
CVE-2020-36663 | A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is named ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36663 |
CVE-2020-36665 | A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36665 |
CVE-2023-28884 | In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28884 |
CVE-2018-25084 | A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25084 |
CVE-2017-20183 | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-20183 |
CVE-2023-29023 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29023 |
CVE-2018-25086 | A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-25086 |
CVE-2023-3134 | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3134 |
CVE-2023-4111 | A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4111 |
CVE-2023-38964 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38964 |
CVE-2023-3042 | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. \n\nThe oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 . \n\nTo mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.\n\nSpecifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. \n\nAdditionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.\n\nFix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3042 |
CVE-2023-5538 | The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5538 |
CVE-2023-25476 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin <= 4.68 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25476 |
CVE-2023-45054 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45054 |
CVE-2023-45062 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45062 |
CVE-2023-45064 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <= 0.3.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45064 |
CVE-2023-32087 | \nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32087 |
CVE-2023-32088 | \nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32088 |
CVE-2023-32089 | \nPega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description\n\n\n\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32089 |
CVE-2023-45065 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45065 |
CVE-2023-45070 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45070 |
CVE-2023-45071 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45071 |
CVE-2023-30781 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30781 |
CVE-2023-45602 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45602 |
CVE-2023-45630 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45630 |
CVE-2023-45632 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45632 |
CVE-2023-45958 | Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45958 |
CVE-2023-45909 | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45909 |
CVE-2023-45281 | An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45281 |
CVE-2023-40153 | \nThe affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40153 |
CVE-2023-43341 | Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43341 |
CVE-2023-43875 | Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43875 |
CVE-2023-45818 | TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45818 |
CVE-2023-45819 | TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45819 |
CVE-2022-4712 | The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4712 |
CVE-2023-46287 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46287 |
CVE-2023-3933 | The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3933 |
CVE-2023-3962 | The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3962 |
CVE-2023-3965 | The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3965 |
CVE-2023-38191 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38191 |
CVE-2023-38192 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38192 |
CVE-2023-38194 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38194 |
CVE-2023-4635 | The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4635 |
CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46898 |
CVE-2023-5694 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5694 |
CVE-2023-5695 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5695 |
CVE-2023-5696 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5696 |
CVE-2023-5697 | A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5697 |
CVE-2023-5698 | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5698 |
CVE-2023-5699 | A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5699 |
CVE-2023-5701 | A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5701 |
CVE-2023-1356 | Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1356 |
CVE-2023-34446 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34446 |
CVE-2023-34447 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34447 |
CVE-2023-36085 | The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36085 |
CVE-2023-3010 | Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3010 |
CVE-2023-45634 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45634 |
CVE-2023-45637 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45637 |
CVE-2023-45750 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45750 |
CVE-2023-45756 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45756 |
CVE-2023-45761 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45761 |
CVE-2023-45769 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45769 |
CVE-2023-45770 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45770 |
CVE-2023-45772 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45772 |
CVE-2023-46074 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46074 |
CVE-2023-46076 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46076 |
CVE-2023-46077 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46077 |
CVE-2023-46081 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46081 |
CVE-2023-5791 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5791 |
CVE-2023-46208 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46208 |
CVE-2023-46209 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46209 |
CVE-2023-44484 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44484 |
CVE-2023-44485 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44485 |
CVE-2023-44486 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44486 |
CVE-2023-5306 | Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5306 |
CVE-2023-34044 | VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-34044 |
CVE-2019-1003019 | An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003019 |
CVE-2019-10314 | Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10314 |
CVE-2019-10317 | Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10317 |
CVE-2019-16546 | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-16546 |
CVE-2020-28972 | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-28972 |
CVE-2023-21967 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21967 |
CVE-2023-29025 | \nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29025 |
CVE-2020-22217 | Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-22217 |
CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
CVE-2022-24400 | A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-24400 |
CVE-2023-31580 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-31580 |
CVE-2020-2100 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2100 |
CVE-2022-34212 | A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34212 |
CVE-2022-41231 | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-41231 |
CVE-2023-22940 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22940 |
CVE-2023-35838 | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35838 |
CVE-2023-36672 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36672 |
CVE-2020-2185 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2185 |
CVE-2020-2187 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-2187 |
CVE-2019-10345 | Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10345 |
CVE-2019-10361 | Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10361 |
CVE-2019-10364 | Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10364 |
CVE-2019-10367 | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10367 |
CVE-2019-10398 | Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10398 |
CVE-2019-10419 | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10419 |
CVE-2019-10420 | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10420 |
CVE-2019-10423 | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10423 |
CVE-2019-10424 | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10424 |
CVE-2019-10426 | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10426 |
CVE-2019-10429 | Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10429 |
CVE-2019-10430 | Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10430 |
CVE-2019-16543 | Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16543 |
CVE-2019-16572 | Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16572 |
CVE-2020-2145 | Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2145 |
CVE-2020-2154 | Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2154 |
CVE-2020-2274 | Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2274 |
CVE-2020-2314 | Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2314 |
CVE-2021-21612 | Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21612 |
CVE-2021-21614 | Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21614 |
CVE-2021-21681 | Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21681 |
CVE-2022-20621 | Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20621 |
CVE-2022-0529 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0529 |
CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0530 |
CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27195 |
CVE-2022-45386 | Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45386 |
CVE-2023-1638 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1638 |
CVE-2023-1639 | A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1639 |
CVE-2023-1640 | A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1640 |
CVE-2023-1641 | A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1641 |
CVE-2023-1642 | A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1642 |
CVE-2023-1643 | A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1643 |
CVE-2023-1644 | A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1644 |
CVE-2023-1645 | A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1645 |
CVE-2023-21929 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21929 |
CVE-2023-30774 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30774 |
CVE-2023-4132 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4132 |
CVE-2023-4194 | A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4194 |
CVE-2023-32611 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32611 |
CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4753 |
CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43782 |
CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43898 |
CVE-2023-45825 | ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf("something went wrong (credentials: %q)", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) information and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in your custom credentials type with explicit stringify of object state. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45825 |
CVE-2023-46115 | Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46115 |
CVE-2023-45663 | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45663 |
CVE-2023-45680 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45680 |
CVE-2021-26734 | Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.\n\n\n\n\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26734 |
CVE-2023-46332 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46332 |
CVE-2023-46331 | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46331 |
CVE-2023-40121 | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40121 |
CVE-2023-40123 | In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40123 |
CVE-2023-40133 | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40133 |
CVE-2023-44323 | Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44323 |
CVE-2019-1003013 | An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003013 |
CVE-2019-1003042 | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003042 |
CVE-2019-1003050 | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003050 |
CVE-2019-10325 | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10325 |
CVE-2019-10335 | A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10335 |
CVE-2019-10349 | A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10349 |
CVE-2019-10360 | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10360 |
CVE-2019-10362 | Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10362 |
CVE-2019-10373 | A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10373 |
CVE-2019-10374 | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10374 |
CVE-2019-10395 | Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10395 |
CVE-2019-10396 | Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10396 |
CVE-2019-10401 | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10401 |
CVE-2019-10402 | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10402 |
CVE-2019-10403 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10403 |
CVE-2019-10404 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10404 |
CVE-2019-10405 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10405 |
CVE-2019-10410 | Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10410 |
CVE-2019-10432 | Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-10432 |
CVE-2019-16552 | A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16552 |
CVE-2019-16559 | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16559 |
CVE-2019-16562 | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16562 |
CVE-2019-16563 | Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16563 |
CVE-2019-16564 | Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-16564 |
CVE-2020-2103 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2103 |
CVE-2020-2105 | REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2105 |
CVE-2020-2106 | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2106 |
CVE-2020-2111 | Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2111 |
CVE-2020-2112 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2112 |
CVE-2020-2113 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2113 |
CVE-2020-2122 | Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2122 |
CVE-2020-2136 | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2136 |
CVE-2020-2161 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2161 |
CVE-2020-2162 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2162 |
CVE-2020-2163 | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2163 |
CVE-2020-2170 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2170 |
CVE-2020-2173 | Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2173 |
CVE-2020-2175 | Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2175 |
CVE-2020-2176 | Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2176 |
CVE-2020-2190 | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2190 |
CVE-2020-2193 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2193 |
CVE-2020-2194 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2194 |
CVE-2020-2195 | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2195 |
CVE-2020-2201 | Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2201 |
CVE-2020-2204 | A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2204 |
CVE-2020-2214 | Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2214 |
CVE-2020-2219 | Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2219 |
CVE-2020-2220 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2220 |
CVE-2020-2221 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2221 |
CVE-2020-2222 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2222 |
CVE-2020-2223 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2223 |
CVE-2020-2224 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2224 |
CVE-2020-2225 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2225 |
CVE-2020-2226 | Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2226 |
CVE-2020-2227 | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2227 |
CVE-2020-2229 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2229 |
CVE-2020-2230 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2230 |
CVE-2020-2231 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2231 |
CVE-2020-2236 | Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2236 |
CVE-2020-2238 | Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2238 |
CVE-2020-2243 | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2243 |
CVE-2020-2244 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2244 |
CVE-2020-2246 | Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2246 |
CVE-2020-2256 | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2256 |
CVE-2020-2257 | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2257 |
CVE-2020-2259 | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2259 |
CVE-2020-2262 | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2262 |
CVE-2020-2263 | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2263 |
CVE-2020-2264 | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2264 |
CVE-2020-2265 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2265 |
CVE-2020-2266 | Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2266 |
CVE-2020-2269 | Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2269 |
CVE-2020-2270 | Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2270 |
CVE-2020-2271 | Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2271 |
CVE-2020-2281 | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2281 |
CVE-2020-2283 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2283 |
CVE-2020-2289 | Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2289 |
CVE-2020-2290 | Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2290 |
CVE-2020-2292 | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2292 |
CVE-2020-2316 | Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2316 |
CVE-2020-2317 | Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-2317 |
CVE-2021-21603 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21603 |
CVE-2021-21608 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21608 |
CVE-2021-21611 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21611 |
CVE-2021-21618 | Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21618 |
CVE-2021-21619 | Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21619 |
CVE-2021-21622 | Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21622 |
CVE-2021-21628 | Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21628 |
CVE-2021-21630 | Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21630 |
CVE-2021-21635 | Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21635 |
CVE-2021-21644 | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21644 |
CVE-2021-21649 | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21649 |
CVE-2021-21660 | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21660 |
CVE-2021-21667 | Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21667 |
CVE-2021-21668 | Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21668 |
CVE-2021-21699 | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21699 |
CVE-2021-21700 | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21700 |
CVE-2022-20615 | Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20615 |
CVE-2022-23108 | Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23108 |
CVE-2022-23115 | Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23115 |
CVE-2022-25185 | Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25185 |
CVE-2022-25189 | Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25189 |
CVE-2022-25191 | Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25191 |
CVE-2022-25196 | Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25196 |
CVE-2022-25203 | Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25203 |
CVE-2022-25204 | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25204 |
CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27196 |
CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27197 |
CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27202 |
CVE-2022-27212 | Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27212 |
CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27213 |
CVE-2022-28133 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28133 |
CVE-2022-28134 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28134 |
CVE-2022-28145 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28145 |
CVE-2022-28149 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28149 |
CVE-2022-28153 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28153 |
CVE-2022-28159 | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28159 |
CVE-2022-29036 | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29036 |
CVE-2022-29037 | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29037 |
CVE-2022-29038 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29038 |
CVE-2022-29039 | Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29039 |
CVE-2022-29040 | Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29040 |
CVE-2022-29041 | Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29041 |
CVE-2022-29042 | Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29042 |
CVE-2022-29043 | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29043 |
CVE-2022-29044 | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29044 |
CVE-2022-29045 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29045 |
CVE-2022-29046 | Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29046 |
CVE-2022-29049 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29049 |
CVE-2022-29529 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29529 |
CVE-2022-29530 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29530 |
CVE-2022-29531 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29531 |
CVE-2022-30956 | Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30956 |
CVE-2022-30960 | Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30960 |
CVE-2022-30961 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30961 |
CVE-2022-30962 | Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30962 |
CVE-2022-30963 | Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30963 |
CVE-2022-30964 | Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30964 |
CVE-2022-30965 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30965 |
CVE-2022-30966 | Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30966 |
CVE-2022-30967 | Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30967 |
CVE-2022-30968 | Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30968 |
CVE-2022-30970 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30970 |
CVE-2022-34176 | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34176 |
CVE-2022-34183 | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34183 |
CVE-2022-34184 | Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34184 |
CVE-2022-34185 | Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34185 |
CVE-2022-34186 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34186 |
CVE-2022-34187 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34187 |
CVE-2022-34188 | Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34188 |
CVE-2022-34189 | Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34189 |
CVE-2022-34190 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34190 |
CVE-2022-34191 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34191 |
CVE-2022-34192 | Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34192 |
CVE-2022-34193 | Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34193 |
CVE-2022-34194 | Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34194 |
CVE-2022-34195 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34195 |
CVE-2022-34196 | Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34196 |
CVE-2022-34197 | Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34197 |
CVE-2022-34198 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34198 |
CVE-2022-34777 | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34777 |
CVE-2022-34778 | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34778 |
CVE-2022-34783 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34783 |
CVE-2022-34784 | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34784 |
CVE-2022-34786 | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34786 |
CVE-2022-34787 | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34787 |
CVE-2022-34788 | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34788 |
CVE-2022-34790 | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34790 |
CVE-2022-34791 | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34791 |
CVE-2022-34795 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34795 |
CVE-2022-36902 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36902 |
CVE-2022-36905 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36905 |
CVE-2022-36910 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36910 |
CVE-2022-38664 | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-38664 |
CVE-2022-41224 | Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41224 |
CVE-2022-41225 | Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41225 |
CVE-2022-41229 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41229 |
CVE-2022-41239 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41239 |
CVE-2022-41240 | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41240 |
CVE-2022-41242 | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41242 |
CVE-2022-43409 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43409 |
CVE-2022-43420 | Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43420 |
CVE-2022-43425 | Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43425 |
CVE-2022-39017 | \n\n\nImproper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-39017 |
CVE-2022-45380 | Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45380 |
CVE-2022-45382 | Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45382 |
CVE-2022-45387 | Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45387 |
CVE-2022-45401 | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45401 |
CVE-2023-0028 | Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0028 |
CVE-2019-25093 | A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-25093 |
CVE-2022-4881 | A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The patch is identified as 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4881 |
CVE-2023-25761 | Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25761 |
CVE-2023-25762 | Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25762 |
CVE-2023-25763 | Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25763 |
CVE-2023-25764 | Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25764 |
CVE-2023-0879 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0879 |
CVE-2023-0377 | The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0377 |
CVE-2023-2718 | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2718 |
CVE-2023-3575 | The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3575 |
CVE-2023-43191 | SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43191 |
CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43872 |
CVE-2023-5496 | A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5496 |
CVE-2023-22082 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22082 |
CVE-2023-45049 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45049 |
CVE-2023-45059 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45059 |
CVE-2023-31217 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31217 |
CVE-2023-45067 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45067 |
CVE-2023-45608 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <= 2.3.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45608 |
CVE-2023-45607 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45607 |
CVE-2023-45628 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in QROkes QR Twitter Widget plugin <= 0.2.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45628 |
CVE-2023-5631 | \nRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker\n\nto load arbitrary JavaScript code.\n\n\n\n\n\n\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5631 |
CVE-2023-5638 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5638 |
CVE-2023-5639 | The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5639 |
CVE-2023-43342 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43342 |
CVE-2023-43344 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43344 |
CVE-2023-43359 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43359 |
CVE-2023-45279 | Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45279 |
CVE-2023-45280 | Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45280 |
CVE-2023-45815 | ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45815 |
CVE-2023-41893 | Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41893 |
CVE-2023-45394 | Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45394 |
CVE-2023-45471 | The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45471 |
CVE-2023-5613 | The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5613 |
CVE-2023-5614 | The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5614 |
CVE-2023-5668 | The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5668 |
CVE-2023-2325 | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2325 |
CVE-2023-4482 | The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4482 |
CVE-2023-4919 | The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4919 |
CVE-2023-5050 | The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5050 |
CVE-2023-5071 | The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5071 |
CVE-2023-5200 | The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5200 |
CVE-2023-5308 | The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5308 |
CVE-2023-4961 | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4961 |
CVE-2023-5086 | The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5086 |
CVE-2023-5109 | The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5109 |
CVE-2023-5231 | The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5231 |
CVE-2023-5292 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5292 |
CVE-2023-5337 | The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5337 |
CVE-2023-5534 | The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5534 |
CVE-2023-5615 | The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5615 |
CVE-2023-5618 | The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5618 |
CVE-2023-5688 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5688 |
CVE-2023-5689 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5689 |
CVE-2023-43353 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43353 |
CVE-2023-43354 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43354 |
CVE-2023-43355 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43355 |
CVE-2023-43356 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43356 |
CVE-2023-43357 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43357 |
CVE-2023-43346 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43346 |
CVE-2023-46003 | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46003 |
CVE-2023-46054 | Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46054 |
CVE-2023-5205 | The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5205 |
CVE-2023-43065 | \nDell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43065 |
CVE-2023-46127 | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46127 |
CVE-2023-38722 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-38722 |
CVE-2023-37636 | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-37636 |
CVE-2023-43358 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43358 |
CVE-2023-44760 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44760 |
CVE-2023-45998 | kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45998 |
CVE-2023-26577 | Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26577 |
CVE-2023-43360 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43360 |
CVE-2023-45646 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45646 |
CVE-2023-45829 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45829 |
CVE-2023-30492 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30492 |
CVE-2023-46450 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46450 |
CVE-2023-46211 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46211 |
CVE-2019-1003017 | A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1003017 |
CVE-2019-10378 | Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10378 |
CVE-2019-10427 | Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-10427 |
CVE-2019-16568 | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-16568 |
CVE-2020-2101 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2101 |
CVE-2020-2102 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2102 |
CVE-2020-2119 | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2119 |
CVE-2020-2143 | Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2143 |
CVE-2020-2149 | Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2149 |
CVE-2020-2150 | Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2150 |
CVE-2020-2151 | Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2151 |
CVE-2020-2155 | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2155 |
CVE-2020-2287 | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2287 |
CVE-2020-2288 | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2288 |
CVE-2020-2323 | Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2323 |
CVE-2021-21609 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21609 |
CVE-2021-21615 | Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21615 |
CVE-2021-21621 | Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21621 |
CVE-2022-23106 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23106 |
CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25319 |
CVE-2022-25320 | An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25320 |
CVE-2022-29047 | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29047 |
CVE-2022-30949 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30949 |
CVE-2022-36884 | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36884 |
CVE-2022-36885 | Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36885 |
CVE-2022-2461 | The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2461 |
CVE-2022-41235 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41235 |
CVE-2022-41248 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41248 |
CVE-2022-38398 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38398 |
CVE-2022-38648 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38648 |
CVE-2022-43410 | Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43410 |
CVE-2022-43411 | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43411 |
CVE-2022-43412 | Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43412 |
CVE-2022-43414 | Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43414 |
CVE-2022-43421 | A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43421 |
CVE-2022-43422 | Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43422 |
CVE-2022-43423 | Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43423 |
CVE-2022-43424 | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43424 |
CVE-2022-43426 | Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43426 |
CVE-2022-43428 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43428 |
CVE-2022-43434 | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43434 |
CVE-2022-43435 | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43435 |
CVE-2022-40292 | \nThe application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-40292 |
CVE-2022-45389 | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45389 |
CVE-2022-39178 | \nWebvendome - webvendome Internal Server IP Disclosure.\nSend GET Request to the request which is shown in the picture.\nInternal Server IP and Full path disclosure. \n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39178 |
CVE-2022-43557 | The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43557 |
CVE-2019-25099 | A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-25099 |
CVE-2020-36647 | A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36647 |
CVE-2023-22943 | In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22943 |
CVE-2023-32675 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32675 |
CVE-2023-2541 | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2541 |
CVE-2023-3817 | Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the "-check" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3817 |
CVE-2023-20190 | A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20190 |
CVE-2023-41295 | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41295 |
CVE-2023-44188 | \nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nNote: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44188 |
CVE-2023-22067 | Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22067 |
CVE-2023-22081 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22081 |
CVE-2023-45814 | Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's `AuthenticationService` only supported injecting `IUser`s. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting `IToken`s into endpoints was added. All was well until 4.0. Bunkum 4.0 then changed to enforce relations between `IToken`s and `IUser`s. This wasn't implemented in a very good way in the `AuthenticationService`, and ended up breaking caching in such a way that cached tokens would persist after the lifetime of the request - since we tried to cache both tokens and users. From that point until now, from what I understand, Bunkum was attempting to use that cached token at the start of the next request once cached. Naturally, when that token expired, downstream projects like Refresh would remove the object from Realm - and cause the object in the cache to be in a detached state, causing an exception from invalid use of `IToken.User`. So in other words, a use-after-free since Realm can't manage the lifetime of the cached token. Security-wise, the scope is fairly limited, can only be pulled off on a couple endpoints given a few conditions, and you can't guarantee which token you're going to get. Also, the token *would* get invalidated properly if the endpoint had either a `IToken` usage or a `IUser` usage. The fix is to just wipe the token cache after the request was handled, which is now in `4.2.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45814 |
CVE-2023-4645 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4645 |
CVE-2023-5254 | The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5254 |
CVE-2023-42666 | \n\n\n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used.\n\n\n\n\n\n\n\n\n\n\n\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42666 |
CVE-2023-30633 | An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30633 |
CVE-2023-45822 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45822 |
CVE-2023-39731 | The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39731 |
CVE-2023-41894 | Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41894 |
CVE-2021-4353 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4353 |
CVE-2022-4943 | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4943 |
CVE-2023-3869 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3869 |
CVE-2023-3998 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3998 |
CVE-2023-4939 | The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4939 |
CVE-2023-28804 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28804 |
CVE-2023-26579 | Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26579 |
CVE-2023-27256 | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27256 |
CVE-2023-41339 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41339 |
CVE-2023-41721 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.\n\nAffected Products:\nUDM\nUDM-PRO\nUDM-SE\nUDR\nUDW\n \nMitigation:\nUpdate UniFi Network to Version 7.5.187 or later.\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41721 |
CVE-2023-43340 | Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-43340 |
CVE-2019-10363 | Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-10363 |
CVE-2022-2943 | The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-2943 |
CVE-2022-40295 | \nThe application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.\n\n | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40295 |
CVE-2023-21920 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21920 |
CVE-2023-21933 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21933 |
CVE-2023-21935 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21935 |
CVE-2023-21945 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21945 |
CVE-2023-21955 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21955 |
CVE-2023-21962 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-21962 |
CVE-2023-22008 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS |