Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43814 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43813 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43812 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43811 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43810 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43809 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43808 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43807 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43806 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43805 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43804 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43803 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43802 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43801 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43800 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43799 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43798 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43797 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43796 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43795 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43794 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43793 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43792 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43791 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43790 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43789 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43788 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43787 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43786 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43785 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43784 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43783 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-36827 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-27207 | 1 Jenkins | 1 Global-build-stats | 2023-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2023-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-23108 | 1 Jenkins | 1 Badge | 2023-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23107 | 1 Jenkins | 1 Warnings Next Generation | 2023-11-15 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | |||||
| CVE-2022-23106 | 1 Jenkins | 1 Configuration As Code | 2023-11-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | |||||
| CVE-2022-23105 | 1 Jenkins | 1 Active Directory | 2023-11-15 | 2.9 LOW | 6.5 MEDIUM |
| Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | |||||
| CVE-2022-25186 | 1 Jenkins | 1 Hashicorp Vault | 2023-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | |||||
| CVE-2022-23110 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-23109 | 1 Jenkins | 1 Hashicorp Vault | 2023-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. | |||||
| CVE-2021-40723 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-15 | N/A | 5.5 MEDIUM |
| Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-46613 | 1 Add-to-calendar-button | 1 Add To Calendar Button | 2023-11-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions. | |||||
| CVE-2023-0549 | 1 Yetanotherforum | 1 Yaf.net | 2023-11-15 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. | |||||
| CVE-2023-1449 | 1 Gpac | 1 Gpac | 2023-11-15 | N/A | 7.8 HIGH |
| A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1448 | 1 Gpac | 1 Gpac | 2023-11-15 | N/A | 7.8 HIGH |
| A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. | |||||
| CVE-2018-25063 | 1 Zenoss | 1 Dashboard | 2023-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The identifier of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability. | |||||
| CVE-2023-36054 | 3 Debian, Mit, Netapp | 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more | 2023-11-15 | N/A | 6.5 MEDIUM |
| lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. | |||||
| CVE-2023-36806 | 1 Contao | 1 Contao | 2023-11-15 | N/A | 5.4 MEDIUM |
| Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | |||||
