Total: 59 CVE

| CVE | Vendor | Product(s) | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-0085 | Wpmet | Metform Elementor Contact Form Builder | 2023-03-09 | N/A | 5.3 MEDIUM | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCAPTCHA bypass in versions up to, and including, 3.2.1. This is due to insufficient server-side checking of the CAPTCHA value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass CAPTCHA restrictions and to use bots to submit forms. |
| CVE-2022-43403 | Jenkins | Script Security | 2023-02-28 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2023-25765 | Jenkins | Email Extension | 2023-02-22 | N/A | 9.9 CRITICAL | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43428 | Jenkins | Compuware Topaz For Total Test, Jenkins | 2023-01-31 | N/A | 5.3 MEDIUM | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. |
| CVE-2022-43402 | Jenkins | Pipeline: Groovy | 2023-01-30 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2019-13924 | Siemens | Scalance X-200irt, Scalance X-200irt Firmware, Scalance X-300 and 13 more (16 products) | 2022-12-13 | 4.3 MEDIUM | 5.4 MEDIUM | A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Options header in the administrative web interface, which makes it vulnerable to clickjacking attacks. The vulnerability could be exploited by an attacker who is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker, and could allow the attacker to perform administrative actions via the web interface. |
| CVE-2022-43401 | Jenkins | Script Security | 2022-10-31 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43406 | Jenkins | Groovy Libraries | 2022-10-24 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43435 | Jenkins | 360 Fireline | 2022-10-24 | N/A | 5.3 MEDIUM | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43434 | Jenkins | Neuvector Vulnerability Scanner | 2022-10-24 | N/A | 5.3 MEDIUM | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43433 | Jenkins | Screenrecorder | 2022-10-22 | N/A | 4.3 MEDIUM | Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43432 | Jenkins | Xframium Builder | 2022-10-22 | N/A | 4.3 MEDIUM | Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43429 | Jenkins | Compuware Topaz For Total Test, Jenkins | 2022-10-21 | N/A | 7.5 HIGH | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. |
| CVE-2022-43424 | Jenkins | Compuware Xpediter Code, Jenkins | 2022-10-21 | N/A | 5.3 MEDIUM | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. |
| CVE-2022-43405 | Jenkins | Groovy Libraries | 2022-10-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43404 | Jenkins | Script Security | 2022-10-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2020-28396 | Siemens | Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-8021 and 3 more (6 products) | 2022-08-05 | 4.9 MEDIUM | 7.3 HIGH | A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause a user's browser to negotiate insecure ciphers. An attacker in a privileged network position could decrypt the communication and compromise the confidentiality and integrity of the transmitted information. |
| CVE-2022-36900 | Jenkins | Compuware Zadviser Api, Jenkins | 2022-08-03 | N/A | 8.2 HIGH | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties from the controller. |
| CVE-2022-34181 | Jenkins | Xunit | 2022-06-29 | 6.4 MEDIUM | 9.1 CRITICAL | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it does not exist and parses the files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. |
| CVE-2022-22152 | Juniper | Contrail Service Orchestration | 2022-01-24 | 4.0 MEDIUM | 6.5 MEDIUM | A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By using the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing that tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3. |
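The Metform entry (CVE-2023-0085) describes the classic CAPTCHA failure: the server trusts that a token was submitted instead of asking the provider whether it was solved. The following is an added example, not code from the Metform plugin or from WordPress, showing the weak handler next to a hardened one. The siteverify URL and the `success`, `hostname`, `score`, `action` and `error-codes` fields follow Google's published reCAPTCHA API; the transport is injected so the module runs offline, and `FakeProvider`, its tokens and hostnames are constructed for the demo.

```python
"""Server-side CAPTCHA verification: the weak pattern beside a hardened one.

Added example, not code from the Metform plugin. The provider transport is
injected so this runs offline; FakeProvider and its tokens are constructed.
"""
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, Mapping, Optional, Tuple

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
Transport = Callable[[str, Mapping[str, str]], Mapping[str, Any]]


def weak_handler(form: Mapping[str, str]) -> bool:
    """Vulnerable pattern: any non-empty token counts as a solved CAPTCHA.
    Nothing is checked server-side, so a bot just posts an arbitrary string."""
    return bool(form.get("g-recaptcha-response"))


def verify_captcha(form: Mapping[str, str], secret: str, expected_hostname: str,
                   transport: Transport, remote_ip: Optional[str] = None,
                   min_score: Optional[float] = None,
                   expected_action: Optional[str] = None) -> Tuple[bool, str]:
    """Hardened pattern: hand the token to the provider and check the reply
    field by field. Returns (accepted, reason)."""
    token = form.get("g-recaptcha-response", "")
    if not token:
        return False, "missing token"
    payload = {"secret": secret, "response": token}
    if remote_ip:
        payload["remoteip"] = remote_ip
    try:
        reply = transport(SITEVERIFY_URL, payload)
    except Exception as exc:  # provider unreachable: fail closed, never open
        return False, f"verification unavailable: {exc}"
    if reply.get("success") is not True:
        codes = ",".join(reply.get("error-codes", [])) or "unspecified"
        return False, f"token rejected: {codes}"
    # A token solved on another site still comes back "success": pin the host.
    if reply.get("hostname") != expected_hostname:
        return False, f"hostname mismatch: {reply.get('hostname')!r}"
    # v3 only: a score and an action are returned and must be checked as well.
    if min_score is not None and float(reply.get("score", 0.0)) < min_score:
        return False, f"score {reply.get('score')} below {min_score}"
    if expected_action is not None and reply.get("action") != expected_action:
        return False, f"unexpected action {reply.get('action')!r}"
    return True, "ok"


def http_transport(url: str, payload: Mapping[str, str]) -> Mapping[str, Any]:
    """Real transport: form-encoded POST to siteverify, JSON reply."""
    data = urllib.parse.urlencode(payload).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.loads(resp.read().decode())


class FakeProvider:
    """Constructed stand-in for siteverify so the demo runs offline. It knows
    one token per hostname and treats every token as single-use, mirroring
    the provider's 'timeout-or-duplicate' rejection of replayed tokens."""
    KNOWN = {"solved-on-forms.example.com": "forms.example.com",
             "solved-on-attacker.example": "attacker.example"}

    def __init__(self) -> None:
        self.seen: set = set()

    def __call__(self, url: str, payload: Mapping[str, str]) -> Mapping[str, Any]:
        token = payload["response"]
        if token in self.seen:
            return {"success": False, "error-codes": ["timeout-or-duplicate"]}
        self.seen.add(token)
        if token in self.KNOWN:
            return {"success": True, "hostname": self.KNOWN[token]}
        return {"success": False, "error-codes": ["invalid-input-response"]}


def demo() -> Dict[str, bool]:
    """Run both handlers against bot-style and genuine submissions."""
    provider = FakeProvider()
    bot = {"name": "x", "g-recaptcha-response": "anything-goes"}
    human = {"name": "y", "g-recaptcha-response": "solved-on-forms.example.com"}
    foreign = {"name": "z", "g-recaptcha-response": "solved-on-attacker.example"}

    def check(form: Mapping[str, str]) -> bool:
        return verify_captcha(form, "secret-key", "forms.example.com", provider)[0]

    return {
        "weak_accepts_bot": weak_handler(bot),                 # the bypass
        "hardened_accepts_bot": check(bot),
        "hardened_accepts_human": check(human),
        "hardened_accepts_replay": check(human),               # single-use token
        "hardened_accepts_foreign_site_token": check(foreign), # hostname pinned
        "hardened_accepts_missing_token": check({"name": "w"}),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the injected transport is that the verification call is the control: if it is skipped, short-circuited, or allowed to fail open when the provider is unreachable, the CAPTCHA is decorative, which is exactly what an unauthenticated bot relies on.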
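Two of the entries above are response-header problems that an auditor can check from the outside: the SCALANCE advisory (CVE-2019-13924), where the administrative UI is served without X-Frame-Options and can therefore be framed, and the four Jenkins plugin advisories (CVE-2022-43432 through CVE-2022-43435), where the Content-Security-Policy that Jenkins applies to user-generated content is cleared by the plugin. The following is an added example, not the vendors' code, that evaluates a response's headers for both. The header sets in `SAMPLES` are constructed, and the Jenkins default policy for workspace and artifact downloads is assumed to be `sandbox; default-src 'none'; img-src 'self'; style-src 'self';`, the value Jenkins documents; this page does not state it.

```python
"""Response-header audit for clickjacking exposure and for user-content CSP.

Added example, not vendor code. SAMPLES are constructed; JENKINS_DEFAULT_CSP
is the documented Jenkins default and is an assumption here.
"""
from typing import Dict, List, Mapping, Tuple

JENKINS_DEFAULT_CSP = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source, ...]}, names lower-cased."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def _get(headers: Mapping[str, str], name: str) -> str:
    """Case-insensitive header lookup; '' when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def frame_protection(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Can the response be embedded in an attacker's frame?
    CSP frame-ancestors wins when present; otherwise X-Frame-Options
    DENY/SAMEORIGIN protects. ALLOW-FROM is obsolete and ignored by current
    browsers, and no header at all means the page is frameable from anywhere."""
    csp = parse_csp(_get(headers, "Content-Security-Policy"))
    if "frame-ancestors" in csp:
        sources = csp["frame-ancestors"]
        if any(s in ("*", "http:", "https:") for s in sources):
            return False, f"frame-ancestors too broad: {' '.join(sources)}"
        return True, f"frame-ancestors {' '.join(sources)}"
    xfo = _get(headers, "X-Frame-Options").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is obsolete and ignored"
    return False, "no X-Frame-Options and no frame-ancestors: frameable (clickjacking)"


def user_content_csp(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Is user-supplied content (workspace files, archived artifacts) served
    under a policy that keeps it from running script in the Jenkins origin?
    Requires a sandbox directive and script execution denied ('none')."""
    raw = _get(headers, "Content-Security-Policy")
    if not raw:
        return False, "Content-Security-Policy missing or empty: protection cleared"
    csp = parse_csp(raw)
    if "sandbox" not in csp:
        return False, "no sandbox directive"
    scripts = csp.get("script-src", csp.get("default-src", []))
    if scripts != ["'none'"]:
        return False, f"script execution allowed: {' '.join(scripts) or '(unrestricted)'}"
    return True, "restrictive policy in place"


def audit(headers: Mapping[str, str]) -> Dict[str, Tuple[bool, str]]:
    """Both checks over one response."""
    return {"frame": frame_protection(headers), "user_content": user_content_csp(headers)}


# Constructed header sets (not captured from any real device or Jenkins instance).
SAMPLES: Dict[str, Dict[str, str]] = {
    "scalance_admin_ui": {"Content-Type": "text/html", "Server": "embedded"},
    "fixed_admin_ui": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "jenkins_artifact_default": {"Content-Type": "text/html",
                                 "Content-Security-Policy": JENKINS_DEFAULT_CSP},
    "jenkins_artifact_plugin_cleared": {"Content-Type": "text/html",
                                        "Content-Security-Policy": ""},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit(hdrs))
```

Run it against real responses by feeding `dict(response.headers)` from any HTTP client; for the Jenkins case, request a file from a job workspace or an archived artifact, since that is the path the plugins above affect, not the Jenkins UI pages themselves.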
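The Juniper entry (CVE-2022-22152) is a tenant-isolation failure in a REST API: an authenticated tenant can read another tenant's firewall configuration. The following is an added example illustrating that class of bug and its fix; it is not Contrail Service Orchestration code, and the store, record fields, identifiers and tenant names are invented for the demo.

```python
"""Tenant isolation in a multi-tenant REST API: an ID-only lookup beside a
tenant-scoped one.

Added example, not Contrail Service Orchestration code; all records, IDs and
tenant names below are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Caller:
    user: str
    tenant_id: str  # bound to the session at login, never taken from the request


@dataclass(frozen=True)
class FirewallPolicy:
    policy_id: str
    tenant_id: str
    rules: Tuple[str, ...]


# Constructed data: two tenants, one firewall policy each.
POLICIES: Dict[str, FirewallPolicy] = {
    "fp-1001": FirewallPolicy("fp-1001", "tenant-acme", ("allow 10.1.0.0/16 -> dmz:443",)),
    "fp-1002": FirewallPolicy("fp-1002", "tenant-globex", ("deny any -> 10.2.0.5:22",)),
}

Handler = Callable[[Caller, str], Tuple[int, Optional[FirewallPolicy]]]


def get_policy_unscoped(caller: Caller, policy_id: str) -> Tuple[int, Optional[FirewallPolicy]]:
    """Vulnerable pattern: authentication happened (a Caller exists) but the
    object is fetched by ID alone, so any tenant that guesses or enumerates
    IDs reads every other tenant's configuration."""
    policy = POLICIES.get(policy_id)
    return (200, policy) if policy else (404, None)


def get_policy_scoped(caller: Caller, policy_id: str) -> Tuple[int, Optional[FirewallPolicy]]:
    """Hardened pattern: the caller's tenant is part of the lookup, not a
    filter bolted on afterwards. A foreign ID gets the same 404 as a
    non-existent one, so the API does not even confirm that the ID exists."""
    policy = POLICIES.get(policy_id)
    if policy is None or policy.tenant_id != caller.tenant_id:
        return (404, None)
    return (200, policy)


def list_policies_scoped(caller: Caller) -> Tuple[FirewallPolicy, ...]:
    """Collection endpoints need the same scoping, keyed on the session's
    tenant rather than on a tenant parameter the client could supply."""
    return tuple(p for p in POLICIES.values() if p.tenant_id == caller.tenant_id)


def cross_tenant_probe(handler: Handler) -> Dict[str, int]:
    """Exercise a handler as tenant 'acme' against every known policy ID and
    report status codes; a 200 on fp-1002 is the isolation failure."""
    acme = Caller("alice", "tenant-acme")
    return {pid: handler(acme, pid)[0] for pid in POLICIES}


if __name__ == "__main__":
    print("unscoped:", cross_tenant_probe(get_policy_unscoped))
    print("scoped:  ", cross_tenant_probe(get_policy_scoped))
```

The probe is also the regression test to keep: log in as one tenant, request every object ID you can discover for another, and fail the build on anything but 404.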