Total
1466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43508 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-11-01 | N/A | 6.5 MEDIUM |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. | |||||
| CVE-2023-43961 | 1 Dromara | 1 Sa-token | 2023-11-01 | N/A | 8.8 HIGH |
| An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | |||||
| CVE-2023-34051 | 1 Vmware | 1 Aria Operations For Logs | 2023-10-30 | N/A | 9.8 CRITICAL |
| VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2023-43119 | 1 Extremenetworks | 1 Exos | 2023-10-27 | N/A | 9.8 CRITICAL |
| An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | |||||
| CVE-2022-36785 | 1 Dlink | 2 G Integrated Access Device4, G Integrated Access Device4 Firmware | 2023-10-25 | N/A | 7.5 HIGH |
| D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface. | |||||
| CVE-2021-21664 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | |||||
| CVE-2021-21624 | 1 Jenkins | 1 Role-based Authorization Strategy | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | |||||
| CVE-2021-21623 | 1 Jenkins | 1 Matrix Authorization Strategy | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | |||||
| CVE-2021-21609 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | |||||
| CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | |||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | |||||
| CVE-2020-2188 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2020-2135 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | |||||
| CVE-2020-2134 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | |||||
| CVE-2020-2104 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | |||||
| CVE-2020-2097 | 1 Jenkins | 1 Sounds | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | |||||
| CVE-2019-16538 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
| CVE-2023-29484 | 1 Terminalfour | 1 Terminalfour | 2023-10-24 | N/A | 6.5 MEDIUM |
| In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. | |||||