Total: 1438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. |
| CVE-2020-2188 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2020-2135 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. |
| CVE-2020-2134 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. |
| CVE-2020-2104 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. |
| CVE-2020-2097 | 1 Jenkins | 1 Sounds | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. |
| CVE-2019-16538 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2023-29484 | 1 Terminalfour | 1 Terminalfour | 2023-10-24 | N/A | 6.5 MEDIUM | In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password. |
| CVE-2023-40829 | 1 Tencent | 1 Enterprise Wechat Privatization | 2023-10-24 | N/A | 7.5 HIGH | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. |
| CVE-2023-36387 | 1 Apache | 1 Superset | 2023-10-19 | N/A | 5.4 MEDIUM | An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. |
| CVE-2023-41882 | 1 Vantage6 | 1 Vantage6 | 2023-10-18 | N/A | 4.3 MEDIUM | vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. |
| CVE-2023-28635 | 1 Vantage6 | 1 Vantage6 | 2023-10-17 | N/A | 5.4 MEDIUM | vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a user with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check, when resources are created or modified, that the resource name always starts with a character. |
| CVE-2023-35653 | 1 Google | 1 Android | 2023-10-14 | N/A | 4.4 MEDIUM | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2023-5521 | 1 Kernelsu | 1 Kernelsu | 2023-10-13 | N/A | 9.8 CRITICAL | Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. |
| CVE-2023-30995 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-10-10 | N/A | 7.5 HIGH | IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. |
| CVE-2023-4997 | 1 Prointegra | 1 Uptimedc | 2023-10-05 | N/A | 8.8 HIGH | Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users, including administrators, leading to a privilege escalation. |
| CVE-2023-41078 | 1 Apple | 1 Macos | 2023-10-05 | N/A | 5.5 MEDIUM | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. |
| CVE-2023-5195 | 1 Mattermost | 1 Mattermost | 2023-10-03 | N/A | 5.4 MEDIUM | Mattermost fails to properly validate the permissions when soft deleting a team, allowing a team member to soft delete other teams that they are not part of. |
