Total: 2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1003037 | 1 Jenkins | 1 Azure Vm Agents | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2019-1003036 | 1 Jenkins | 1 Azure Vm Agents | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | |||||
| CVE-2019-1003035 | 1 Jenkins | 1 Azure Vm Agents | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. | |||||
| CVE-2019-1003025 | 1 Jenkins | 1 Cloud Foundry | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-1003006 | 1 Jenkins | 1 Groovy | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | |||||
| CVE-2023-27792 | 1 Ixpdata | 1 Easyinstall | 2023-10-25 | N/A | 7.8 HIGH |
| An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. | |||||
| CVE-2023-3932 | 1 Gitlab | 1 Gitlab | 2023-10-20 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | |||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2023-10-20 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-44689 | 1 E-gov | 1 E-gov | 2023-10-18 | N/A | 4.3 MEDIUM |
| e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2022-36228 | 1 Janusintl | 6 Noke Hd+ Smart Padlock, Noke Hd+ Smart Padlock Firmware, Noke Hd Smart Padlock and 3 more | 2023-10-12 | N/A | 6.5 MEDIUM |
| Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | |||||
| CVE-2023-5331 | 1 Mattermost | 1 Mattermost Server | 2023-10-12 | N/A | 5.3 MEDIUM |
| Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | |||||
| CVE-2023-21244 | 1 Google | 1 Android | 2023-10-12 | N/A | 6.7 MEDIUM |
| In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-42473 | 1 Sap | 1 S/4hana | 2023-10-11 | N/A | 5.4 MEDIUM |
| S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. | |||||
| CVE-2023-40654 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-10-11 | N/A | 6.7 MEDIUM |
| In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | |||||
| CVE-2023-43700 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-10-11 | N/A | 7.5 HIGH |
| Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. | |||||
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-10-11 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | |||||
| CVE-2023-21291 | 1 Google | 1 Android | 2023-10-11 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40647 | 2 Google, Unisoc | 2 Android, Sc9863a | 2023-10-11 | N/A | 5.5 MEDIUM |
| In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-40646 | 2 Google, Unisoc | 2 Android, Sc9863a | 2023-10-11 | N/A | 5.5 MEDIUM |
| In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-40645 | 2 Google, Unisoc | 2 Android, Sc9863a | 2023-10-11 | N/A | 5.5 MEDIUM |
| In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
