CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-40336 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. | 8.8 | HIGH | — | 0 |
| CVE-2023-40337 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-40338 | Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-40339 | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | 7.5 | HIGH | — | 0 |
| CVE-2023-40340 | Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. | 7.5 | HIGH | — | 0 |
| CVE-2023-40341 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with... | 8.8 | HIGH | — | 0 |
| CVE-2023-40342 | Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-40343 | Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a v... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-40344 | A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-40345 | Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not ent... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40346 | Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shor... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-40347 | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and c... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40348 | The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40349 | Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40350 | Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vu... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-40351 | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-2737 | Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | 5.7 | MEDIUM | — | 0 |
| CVE-2023-39250 | Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an info... | 7.8 | HIGH | — | 0 |
| CVE-2023-4204 | NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vul... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-4385 | A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a mis... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-38737 | IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabil... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-4389 | A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with us... | 7.0 | HIGH | — | 0 |
| CVE-2023-28075 | Dell BIOS contains a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a sp... | 6.9 | MEDIUM | — | 0 |
| CVE-2023-32453 | Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-4382 | A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Set... | 3.5 | LOW | — | 0 |
| CVE-2023-4383 | A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect exe... | 7.8 | HIGH | — | 0 |
| CVE-2023-4384 | A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads ... | 3.7 | LOW | — | 0 |
| CVE-2022-4894 | Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | 7.3 | HIGH | — | 0 |
| CVE-2023-20209 | A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write p... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20228 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack aga... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-33237 | TN-5900 Series firmware version v3.3 and prior is vulnerable to an improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API hand... | 8.8 | HIGH | — | 0 |
| CVE-2023-20242 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communicatio... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-40021 | Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repe... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40033 | Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, ... | 7.1 | HIGH | — | 0 |
| CVE-2023-40034 | Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover ... | 8.1 | HIGH | — | 0 |
| CVE-2023-20013 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20017 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20111 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is du... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20197 | A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an aff... | 7.5 | HIGH | — | 0 |
| CVE-2023-20201 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to cond... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-20203 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to cond... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20205 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to cond... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20211 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al... | 8.1 | HIGH | — | 0 |
| CVE-2023-20217 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. Thi... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-20221 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-28622 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-20222 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a c... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-20224 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device... | 7.8 | HIGH | — | 0 |
| CVE-2023-20229 | A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks... | 7.1 | HIGH | — | 0 |
| CVE-2023-20232 | A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.