Total: 2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36856 | 1 Google | 1 Android | 2023-07-21 | N/A | 3.3 LOW |
| Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||||
| CVE-2022-32220 | 1 Rocket.chat | 1 Rocket.chat | 2023-07-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v5 because the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | |||||
| CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2023-07-21 | N/A | 4.3 MEDIUM |
| The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow updating arbitrary options. | |||||
| CVE-2023-21257 | 1 Google | 1 Android | 2023-07-20 | N/A | 7.8 HIGH |
| In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-2987 | 1 Ldap Wp Login / Active Directory Integration Project | 1 Ldap Wp Login / Active Directory Integration | 2023-07-20 | N/A | 7.5 HIGH |
| The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticate users, therefore bypassing the current authentication. | |||||
| CVE-2023-37950 | 1 Jenkins | 1 Mabl | 2023-07-20 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-37949 | 1 Jenkins | 1 Orka By Macstadium | 2023-07-20 | N/A | 7.1 HIGH |
| A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-37965 | 1 Jenkins | 1 Elasticbox Ci | 2023-07-20 | N/A | 7.1 HIGH |
| A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-37963 | 1 Jenkins | 1 Benchmark Evaluator | 2023-07-20 | N/A | 5.4 MEDIUM |
| A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | |||||
| CVE-2023-33880 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 3.3 LOW |
| In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33879 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 3.3 LOW |
| In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-37959 | 1 Jenkins | 1 Sumologic Publisher | 2023-07-20 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2023-37956 | 1 Jenkins | 1 Test Results Aggregator | 2023-07-20 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2023-30939 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30928 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 7.8 HIGH |
| In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2023-30938 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30940 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30941 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30936 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30937 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-20 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
