Skip to main content
CVE-2023-0284 HIGH This Week

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-20928 HIGH This Week

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20925 HIGH This Week

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20920 HIGH This Week

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20919 HIGH This Week

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20916 HIGH This Week

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20915 HIGH This Week

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20913 HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20912 HIGH This Week

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20905 HIGH This Week

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20904 HIGH This Week

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22500 HIGH This Week

GLPI is a Free Asset and IT Management Software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0451 HIGH This Week

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0356 HIGH This Week

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Net Vision
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23609 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-20921 HIGH This Week

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-0412 HIGH PATCH This Week

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-20924 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-24495 MEDIUM PATCH This Month

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Tenable Sc
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24459 MEDIUM This Month

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Bearychat
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24457 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Keycloak Authentication
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-24453 MEDIUM This Month

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Testquality Updater
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24450 MEDIUM This Month

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure View Cloner
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24448 MEDIUM This Month

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Rabbitmq Consumer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24438 MEDIUM This Month

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24435 MEDIUM This Month

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Github Pull Request Builder
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24433 MEDIUM PATCH This Month

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Orka By Macstadium
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24425 MEDIUM PATCH This Month

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Authentication Bypass Kubernetes Credentials Provider
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24423 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Gerrit Trigger
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23613 MEDIUM PATCH This Month

OpenSearch is an open source distributed and RESTful search engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opensearch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23610 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22739 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0476 MEDIUM PATCH This Month

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Tenable Sc
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0417 MEDIUM PATCH This Month

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0416 MEDIUM PATCH This Month

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0415 MEDIUM PATCH This Month

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0414 MEDIUM PATCH This Month

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0413 MEDIUM PATCH This Month

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0411 MEDIUM PATCH This Month

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0229 MEDIUM PATCH This Month

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-24445 MEDIUM This Month

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Open Redirect Openid
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-23951 MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23950 MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22722 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24493 MEDIUM PATCH This Month

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Tenable Sc
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-24428 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Bitbucket Oauth
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-24454 MEDIUM This Month

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Testquality Updater
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24442 MEDIUM This Month

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Pull Request Coverage Status
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24440 MEDIUM This Month

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24439 MEDIUM This Month

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy