CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2022-43414 | 2022-10-19 | MEDIUM | 5.3 | Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to… |
| CVE-2022-43413 | 2022-10-19 | MEDIUM | 4.3 | Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials… |
| CVE-2022-43412 | 2022-10-19 | MEDIUM | 5.3 | Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers… |
| CVE-2022-43411 | 2022-10-19 | MEDIUM | 5.3 | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use… |
| CVE-2022-43410 | 2022-10-19 | MEDIUM | 5.3 | Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission… |
| CVE-2022-43409 | 2022-10-19 | MEDIUM | 5.4 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site… |
| CVE-2022-43408 | 2022-10-19 | MEDIUM | 6.5 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline… |
| CVE-2022-43407 | 2022-10-19 | HIGH | 8.8 | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that… |
| CVE-2022-43283 | 2022-10-28 | MEDIUM | 5.5 | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. |
| CVE-2022-43282 | 2022-10-28 | HIGH | 7.1 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. |
| CVE-2022-43281 | 2022-10-28 | HIGH | 7.8 | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector::size() at /bits/stl_vector.h. |
| CVE-2022-43185 | 2022-10-19 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into… |
| CVE-2022-43184 | 2022-10-19 | CRITICAL | 9.8 | D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. |
| CVE-2022-43169 | 2022-10-28 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a… |
| CVE-2022-43168 | 2022-10-28 | CRITICAL | 9.8 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. |
| CVE-2022-43167 | 2022-10-28 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted… |
| CVE-2022-43166 | 2022-10-28 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted… |
| CVE-2022-43165 | 2022-10-28 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted… |
| CVE-2022-43164 | 2022-10-28 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted… |
| CVE-2022-43039 | 2022-10-19 | MEDIUM | 5.5 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. |
| CVE-2022-43038 | 2022-10-19 | MEDIUM | 6.5 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. |
| CVE-2022-43037 | 2022-10-19 | MEDIUM | 6.5 | An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. |
| CVE-2022-43035 | 2022-10-19 | MEDIUM | 6.5 | An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. |
| CVE-2022-43034 | 2022-10-19 | MEDIUM | 6.5 | An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. |
| CVE-2022-43029 | 2022-10-19 | CRITICAL | 9.8 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. |
| CVE-2022-43028 | 2022-10-19 | CRITICAL | 9.8 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. |
| CVE-2022-43033 | 2022-10-19 | MEDIUM | 6.5 | An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a… |
| CVE-2022-43032 | 2022-10-19 | MEDIUM | 6.5 | An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. |
| CVE-2022-43027 | 2022-10-19 | CRITICAL | 9.8 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. |
| CVE-2022-43014 | 2022-10-19 | MEDIUM | 6.1 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. |
| CVE-2022-42466 | 2022-10-19 | MEDIUM | 6.1 | Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be… |
| CVE-2022-41708 | 2022-10-19 | MEDIUM | 4.3 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application… |
| CVE-2022-42227 | 2022-10-19 | HIGH | 7.5 | jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. |
| CVE-2022-41709 | 2022-10-19 | HIGH | 7.8 | Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because… |
| CVE-2022-41707 | 2022-10-19 | MEDIUM | 6.5 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data… |
| CVE-2022-40798 | 2022-10-19 | HIGH | 7.5 | OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to… |
| CVE-2024-2739 | 2024-04-15 | HIGH | 8.7 | The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via… |
| CVE-2024-1849 | 2024-04-15 | MEDIUM | 5.4 | The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL |
| CVE-2024-1755 | 2024-04-15 | HIGH | 8.8 | The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via… |
| CVE-2024-1754 | 2024-04-15 | MEDIUM | 4.7 | The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored… |
| CVE-2024-10562 | 2025-01-07 | LOW | 2.7 | The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to… |
| CVE-2024-11223 | 2024-12-26 | MEDIUM | 4.7 | The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-10678 | 2024-12-13 | MEDIUM | 5.4 | The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is… |
| CVE-2024-6136 | 2024-08-12 | MEDIUM | 5.4 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF… |
| CVE-2024-6134 | 2024-08-12 | MEDIUM | 5.4 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could… |
| CVE-2024-6133 | 2024-08-12 | MEDIUM | 6.5 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could… |
| CVE-2024-12568 | 2025-01-13 | MEDIUM | 4.8 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as… |
| CVE-2024-12567 | 2025-01-13 | MEDIUM | 4.8 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as… |
| CVE-2024-12566 | 2025-01-13 | MEDIUM | 4.8 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin… |
| CVE-2024-12274 | 2025-01-13 | HIGH | 7.5 | The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing… |