Skip to main content
CVE-2023-20923 MEDIUM This Month

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20922 MEDIUM This Month

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20908 MEDIUM This Month

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-0394 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-24494 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Tenable Sc
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-23949 MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23611 MEDIUM PATCH This Month

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xblock Lti Consumer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22468 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0452 MEDIUM This Month

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22725 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-22724 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-24455 MEDIUM This Month

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Visual Expert
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-24451 MEDIUM This Month

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Cisco Authentication Bypass Cisco Spark
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-24449 MEDIUM This Month

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Pwauth Security Realm
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-24436 MEDIUM This Month

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Github Pull Request Builder
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-24431 MEDIUM PATCH This Month

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Orka By Macstadium
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-0463 LOW Monitor

The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy