CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-20719 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20720 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-20721 | In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-36247 | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-20722 | In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-20726 | In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... | 3.3 | LOW | — | 0 |
| CVE-2023-20914 | In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-20930 | In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional exe... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21102 | In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional... | 7.8 | HIGH | — | 0 |
| CVE-2023-21103 | In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges neede... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21107 | In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privile... | 7.8 | HIGH | — | 0 |
| CVE-2023-21109 | In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional ... | 7.8 | HIGH | — | 0 |
| CVE-2023-21110 | In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional executi... | 7.8 | HIGH | — | 0 |
| CVE-2023-21112 | In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges need... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21116 | In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escal... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | 8.8 | HIGH | — | 0 |
| CVE-2023-31576 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | 8.8 | HIGH | — | 0 |
| CVE-2023-31519 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31856 | A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http pa... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31857 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31890 | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32977 | Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-32978 | A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32979 | Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-31361 | A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code exec... | 7.3 | HIGH | — | 0 |
| CVE-2023-32980 | A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32981 | An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files o... | 8.8 | HIGH | — | 0 |
| CVE-2023-32982 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read per... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32983 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-32984 | Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-32985 | Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence o... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32986 | Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permissio... | 8.8 | HIGH | — | 0 |
| CVE-2023-32987 | A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified crede... | 8.8 | HIGH | — | 0 |
| CVE-2023-32988 | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32989 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacke... | 8.8 | HIGH | — | 0 |
| CVE-2023-32990 | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using a... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-32991 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the respo... | 8.8 | HIGH | — | 0 |
| CVE-2023-32992 | Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the r... | 8.8 | HIGH | — | 0 |
| CVE-2023-32993 | Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused usin... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-32994 | Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which c... | 3.7 | LOW | — | 0 |
| CVE-2023-32995 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specifie... | 8.8 | HIGH | — | 0 |
| CVE-2023-32996 | A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-sp... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32997 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | 8.8 | HIGH | — | 0 |
| CVE-2023-32998 | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payl... | 8.8 | HIGH | — | 0 |
| CVE-2023-32999 | A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSO... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-33000 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and captur... | 7.5 | HIGH | — | 0 |
| CVE-2023-33001 | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 7.5 | HIGH | — | 0 |
| CVE-2023-33002 | Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/C... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-33003 | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-49655 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. | 9.3 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.