CVE-2022-43429 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to read arbitrary files on the Jenkins controller file system.
This issue is likely to be exploited in situations such as a cross-site request forgery (CSRF) attack, where a Jenkins master running on attacker-controlled hardware
CVE-2022-43407 Jenkins Input Step Plugin 451.vf1a_a_4f405289 doesn't restrict or sanitize the ID of the input step, which is used for URLs that process user interactions.
This issue does not affect Pipelines. As of Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier, this issue can be exploited by
CVE-2022-43418
This issue occurs when the victim has installed the plugin on a Jenkins instance. Attackers can exploit this by tricking a victim into visiting an
CVE-2022-43184 D-Link DIR878 1.30B08 Hotfix_04 had a command injection vulnerability.
D-Link DIR878 1.30B08 Hotfix_04 was discovered to be vulnerable to command injection attacks when it was accessed via the component /bin/proc.cgi.
CVE-2020-23648 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability
Moreover, the hack utility of Asus RT-N12E 2.0.0.39 allows remote attackers to cause a denial of service (DoS) or remote code execution