Skip to main content
CVE-2023-30725 MEDIUM This Month

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30720 MEDIUM This Month

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30716 MEDIUM This Month

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30713 MEDIUM This Month

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32438 MEDIUM This Month

This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32432 MEDIUM This Month

A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27950 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41327 MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio Wiremock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41940 MEDIUM This Month

Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Tap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41931 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Job Configuration History
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41150 MEDIUM This Month

F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS F Revocrm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36388 MEDIUM PATCH This Month

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-36387 MEDIUM PATCH This Month

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-4498 MEDIUM This Month

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda N300 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41934 MEDIUM PATCH This Month

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Pipeline Maven Integration
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34352 MEDIUM This Month

A permissions issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32370 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4588 MEDIUM This Month

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Secret Server
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-30706 MEDIUM This Month

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-40560 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schedule Posts Calendar
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40552 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fitness Calculators Plugin
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40329 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Admin Login Page Wpzest Plugin
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40328 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Carrrot
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40007 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ct Commerce
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-30714 MEDIUM This Month

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-30721 MEDIUM This Month

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-32672 MEDIUM PATCH This Month

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-41947 MEDIUM This Month

A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Frugal Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-41942 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Aws Codecommit Trigger
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-41941 MEDIUM This Month

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Aws Codecommit Trigger
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-41930 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Job Configuration History
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-39264 MEDIUM PATCH This Month

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-27526 MEDIUM PATCH This Month

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-27523 MEDIUM PATCH This Month

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-28208 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-41946 LOW Monitor

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Frugal Testing
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-41053 LOW PATCH Monitor

Redis is an in-memory database that persists on disk. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Redis
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-40392 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-38605 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-30724 LOW Monitor

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-30719 LOW Monitor

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-30718 LOW Monitor

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30717 LOW Monitor

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30715 LOW Monitor

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30711 LOW Monitor

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-28195 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy