Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21313 | 1 Google | 1 Android | 2023-11-06 | N/A | 7.8 HIGH |
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-43488 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-11-06 | N/A | 7.8 HIGH |
The vulnerability allows a low-privileged (untrusted) application to modify a critical system property, a change that should be denied, in order to expose the ADB (Android Debug Bridge) protocol on the network and exploit it to gain a privileged shell on the device without requiring physical access through USB. | |||||
CVE-2023-21373 | 1 Google | 1 Android | 2023-11-04 | N/A | 7.8 HIGH |
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-34794 | 1 Jenkins | 1 Recipe | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
CVE-2022-34206 | 1 Jenkins | 1 Jianliao Notification | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | |||||
CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34208 | 1 Jenkins | 1 Beaker Builder | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34779 | 1 Jenkins | 1 Xebialabs Xl Release | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2023-11-03 | 3.5 LOW | 5.7 MEDIUM |
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | |||||
CVE-2023-21382 | 1 Google | 1 Android | 2023-11-03 | N/A | 5.5 MEDIUM |
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21378 | 1 Google | 1 Android | 2023-11-03 | N/A | 7.8 HIGH |
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-34201 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-30954 | 1 Jenkins | 1 Blue Ocean | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
CVE-2022-34204 | 1 Jenkins | 1 Easyqa | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
CVE-2022-30955 | 1 Jenkins | 1 Gitlab | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-30951 | 1 Jenkins | 1 Wmi Windows Agents | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | |||||
CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-21294 | 1 Google | 1 Android | 2023-11-03 | N/A | 5.5 MEDIUM |
In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-25193 | 1 Jenkins | 1 Snow Commander | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-25195 | 1 Jenkins | 1 Autonomiq | 2023-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |