‼ CVE-2023-24442 ‼
📖 Read
via "National Vulnerability Database".
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24450 ‼
📖 Read
via "National Vulnerability Database".
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24437 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0469 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24452 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24436 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40168 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0468 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42490 ‼
📖 Read
via "National Vulnerability Database".
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20461 ‼
📖 Read
via "National Vulnerability Database".
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963📖 Read
via "National Vulnerability Database".
‼ CVE-2018-25078 ‼
📖 Read
via "National Vulnerability Database".
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20493 ‼
📖 Read
via "National Vulnerability Database".
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23151 ‼
📖 Read
via "National Vulnerability Database".
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24022 ‼
📖 Read
via "National Vulnerability Database".
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46957 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22739 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40222 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27508 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated denial of service📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24432 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44263 ‼
📖 Read
via "National Vulnerability Database".
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36657 ‼
📖 Read
via "National Vulnerability Database".
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.📖 Read
via "National Vulnerability Database".
🔥1