Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-37957 A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI tok... | 8.8 | HIGH | — | 0 |
| CVE-2023-37958 A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | HIGH | — | 0 |
| CVE-2023-37959 A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-37960 Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-37961 A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | 8.8 | HIGH | — | 0 |
| CVE-2023-31824 An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function. | 7.5 | HIGH | — | 0 |
| CVE-2023-37962 A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of dir... | 8.8 | HIGH | — | 0 |
| CVE-2023-37963 A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-37964 A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs ob... | 8.8 | HIGH | — | 0 |
| CVE-2023-37965 A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials ... | 7.1 | HIGH | — | 0 |
| CVE-2023-37628 Online Piggery Management System 1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37629 Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37630 Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-38046 A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resou... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-3641 A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3642 A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3643 A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads... | 7.3 | HIGH | — | 0 |
| CVE-2023-3644 A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inq... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-3635 GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using ... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-26563 The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26564 The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, downlo... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33274 The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identif... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-0948 The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-20918 In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not need... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-20942 In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21145 In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege wi... | 7.8 | HIGH | — | 0 |
| CVE-2023-21238 In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges nee... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21239 In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execut... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21240 In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not n... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21241 In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges neede... | 7.8 | HIGH | — | 0 |
| CVE-2023-21243 In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of ser... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21246 In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no ... | 3.3 | LOW | — | 0 |
| CVE-2023-21247 In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to lo... | 7.8 | HIGH | — | 0 |
| CVE-2023-21256 In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additio... | 7.8 | HIGH | — | 0 |
| CVE-2023-21248 In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local e... | 7.8 | HIGH | — | 0 |
| CVE-2023-21249 In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User ex... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21250 In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21251 In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execu... | 7.3 | HIGH | — | 0 |
| CVE-2023-21254 In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local e... | 7.8 | HIGH | — | 0 |
| CVE-2024-25503 Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details p... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-21257 In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privi... | 7.8 | HIGH | — | 0 |
| CVE-2023-21262 In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. U... | 3.1 | LOW | — | 0 |
| CVE-2023-21399 there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... | 7.8 | HIGH | — | 0 |
| CVE-2023-34123 Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | 7.5 | HIGH | — | 0 |
| CVE-2023-35691 there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitati... | 7.2 | HIGH | — | 0 |
| CVE-2023-35693 In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User intera... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-35694 In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execut... | 7.5 | HIGH | — | 0 |
| CVE-2023-21260 In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be ap... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-34125 Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and ea... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-34126 Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions;... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.