Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In music service, there is a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In music service, there is a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.