PT-2023-3214 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in privilege management within the Windows GDI component, allowing an attacker to potentially elevate their privileges. Recommendations: At the moment, there ...
PT-2023-15936 · WordPress · Cool Plugins
Name of the Vulnerable Software and Affected Versions: Cool Plugins WordPress plugins affected versions not specified Description: The issue allows for arbitrary plugin installation and activation, potentially leading to remote code execution. This can be exploited by authenticated attackers with...
PT-2023-9104 · Glib +6 · Glib +6
Name of the Vulnerable Software and Affected Versions: Glib affected versions not specified Description: The issue is related to uncontrolled resource consumption in the Glib library. It may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information...
PT-2023-18322 · Unknown · Wlan Firmware
Name of the Vulnerable Software and Affected Versions: WLAN Firmware affected versions not specified Description: The issue is related to a transient Denial of Service (DoS) in WLAN Firmware. It occurs when the firmware processes frames with missing header fields. Recommendations: At the moment,...
PT-2023-15782 · Unknown · Dialer Service
Name of the Vulnerable Software and Affected Versions: Dialer service affected versions not specified Description: The issue is related to a possible missing permission check in the dialer service. This could lead to a local denial of service with no additional execution privileges...
PT-2023-15789 · Unknown · Telephony Service
Name of the Vulnerable Software and Affected Versions: Telephony service affected versions not specified Description: The issue is related to a possible missing permission check in the telephony service. This could lead to a local denial of service with no additional execution privileges...
PT-2023-15786 · Unknown · Telephony Service
Name of the Vulnerable Software and Affected Versions: Telephony service affected versions not specified Description: The issue is related to a possible missing permission check in the telephony service, which could lead to a local denial of service with no additional execution privileges...
PT-2023-19322 · Broadcom · Symantec Siteminder Webagent
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Recommendations: At the moment, there is no information about a newer version that...
PT-2023-16023 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Reminder module affected versions not specified Description: The issue is related to the reminder module lacking an authentication mechanism for broadcasts received. This could potentially affect availability upon successful exploitation...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2023-2195
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...
Jenkins File Parameter Plugin arbitrary file write vulnerability
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...
GHSA-VGFW-766V-7Q82 Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
CVE-2023-2196
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...
CVE-2023-32998
A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
Arbitrary file deletion
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...
CVE-2023-32999
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...