Total
2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43501 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2023-43135 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-43134 | 1 Netis-systems | 2 360r, 360r Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-42469 | 1 Fulldive | 1 Full Dialer | 2023-09-18 | N/A | 3.3 LOW |
| The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | |||||
| CVE-2020-25718 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2023-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||||
| CVE-2023-40309 | 1 Sap | 9 Commoncryptolib, Content Server, Extended Application Services And Runtime and 6 more | 2023-09-15 | N/A | 9.8 CRITICAL |
| SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. | |||||
| CVE-2023-39073 | 1 Voltronicpower | 1 Snmp Web Pro | 2023-09-15 | N/A | 9.8 CRITICAL |
| An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request. | |||||
| CVE-2023-4104 | 1 Mozilla | 1 Vpn | 2023-09-13 | N/A | 5.5 MEDIUM |
| An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. | |||||
| CVE-2023-40625 | 1 Sap | 1 S4core | 2023-09-13 | N/A | 5.4 MEDIUM |
| S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system. | |||||
| CVE-2023-40040 | 2 Google, Mycrops | 2 Android, Higrade | 2023-09-13 | N/A | 5.3 MEDIUM |
| An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. | |||||
| CVE-2023-35665 | 1 Google | 1 Android | 2023-09-13 | N/A | 7.8 HIGH |
| In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-41945 | 1 Jenkins | 1 Assembla Auth | 2023-09-11 | N/A | 8.8 HIGH |
| Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. | |||||
| CVE-2023-41947 | 1 Jenkins | 1 Frugal Testing | 2023-09-11 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | |||||
| CVE-2023-41941 | 1 Jenkins | 1 Aws Codecommit Trigger | 2023-09-11 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. | |||||
| CVE-2023-41943 | 1 Jenkins | 1 Aws Codecommit Trigger | 2023-09-11 | N/A | 6.5 MEDIUM |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | |||||
| CVE-2023-39966 | 1 Fit2cloud | 1 1panel | 2023-09-08 | N/A | 9.8 CRITICAL |
| 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue. | |||||
| CVE-2022-48452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-09-08 | N/A | 4.4 MEDIUM |
| In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-41908 | 1 Cerebrate-project | 1 Cerebrate | 2023-09-08 | N/A | 5.3 MEDIUM |
| Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | |||||
| CVE-2023-33915 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2023-09-08 | N/A | 7.5 HIGH |
| In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-38466 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2023-09-08 | N/A | 5.5 MEDIUM |
| In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||