Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2023-24459
|
N/A |
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
|
24 Jan 2023
|
|
|
CVE-2023-0417
|
N/A |
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
24 Jan 2023
|
|
|
CVE-2023-0394
|
N/A |
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
|
24 Jan 2023
|
|
|
CVE-2023-0416
|
N/A |
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
24 Jan 2023
|
|
|
CVE-2022-4092
|
N/A |
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
|
24 Jan 2023
|
|
|
CVE-2022-27508
|
N/A |
Unauthenticated denial of service
|
24 Jan 2023
|
|
|
CVE-2022-26329
|
N/A |
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
|
24 Jan 2023
|
|
|
CVE-2021-28510
|
N/A |
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
|
24 Jan 2023
|
|
|
CVE-2022-27507
|
N/A |
Authenticated denial of service
|
24 Jan 2023
|
|
|
CVE-2023-23331
|
N/A |
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.
|
24 Jan 2023
|
|
|
CVE-2023-0411
|
N/A |
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
24 Jan 2023
|
|
|
CVE-2023-24057
|
N/A |
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
|
24 Jan 2023
|
|
|
CVE-2022-20490
|
N/A |
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505
|
24 Jan 2023
|
|
|
CVE-2022-20214
|
N/A |
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210
|
24 Jan 2023
|
|
|
CVE-2023-24453
|
N/A |
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
|
24 Jan 2023
|
|
|
CVE-2023-24457
|
N/A |
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
|
24 Jan 2023
|
|
|
CVE-2023-24458
|
N/A |
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.
|
24 Jan 2023
|
|
|
CVE-2023-24449
|
N/A |
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
|
24 Jan 2023
|
|
|
CVE-2023-24450
|
N/A |
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
|
24 Jan 2023
|
|
|
CVE-2023-24452
|
N/A |
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
|
24 Jan 2023
|
|
|
CVE-2023-24454
|
N/A |
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
24 Jan 2023
|
|
|
CVE-2023-24455
|
N/A |
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
|
24 Jan 2023
|
|
|
CVE-2023-24456
|
N/A |
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
|
24 Jan 2023
|
|
|
CVE-2023-24441
|
N/A |
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
24 Jan 2023
|
|
|
CVE-2023-24442
|
N/A |
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
24 Jan 2023
|
CVE-2023-24459
N/A
24 Jan 2023
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2023-0417
N/A
24 Jan 2023
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-0394
N/A
24 Jan 2023
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVE-2023-0416
N/A
24 Jan 2023
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2022-4092
N/A
24 Jan 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
CVE-2022-27508
N/A
24 Jan 2023
Unauthenticated denial of service
CVE-2022-26329
N/A
24 Jan 2023
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
CVE-2021-28510
N/A
24 Jan 2023
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
CVE-2022-27507
N/A
24 Jan 2023
Authenticated denial of service
CVE-2023-23331
N/A
24 Jan 2023
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.
CVE-2023-0411
N/A
24 Jan 2023
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-24057
N/A
24 Jan 2023
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
CVE-2022-20490
N/A
24 Jan 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505
CVE-2022-20214
N/A
24 Jan 2023
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210
CVE-2023-24453
N/A
24 Jan 2023
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2023-24457
N/A
24 Jan 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2023-24458
N/A
24 Jan 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2023-24449
N/A
24 Jan 2023
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2023-24450
N/A
24 Jan 2023
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2023-24452
N/A
24 Jan 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
CVE-2023-24454
N/A
24 Jan 2023
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2023-24455
N/A
24 Jan 2023
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2023-24456
N/A
24 Jan 2023
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
CVE-2023-24441
N/A
24 Jan 2023
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2023-24442
N/A
24 Jan 2023
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Page 725 of 752
Page 725 of 752