941 | 8.8 | HIGH | Network | jenkins | ssh2_easy | Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overa… | CWE-281 Improper Preservation of Permissions | CVE-2023-41939 | 2024-09-27 06:35 | 2023-09-6
942 | 8.8 | HIGH | Adjacent | tp-link | archer_c55_firmware archer_c50_v3_firmware | Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which… | CWE-798 Use of Hard-coded Credentials | CVE-2023-32619 | 2024-09-27 06:35 | 2023-09-6
943 | 7.8 | HIGH | Local | apple | macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. | NVD-CWE-noinfo | CVE-2023-32426 | 2024-09-27 06:35 | 2023-09-6
944 | 8.8 | HIGH | Network | apple | pro_video_formats | A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | NVD-CWE-noinfo | CVE-2023-29166 | 2024-09-27 06:35 | 2023-09-6
945 | 7.3 | HIGH | Network | hashicorp | consul | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | NVD-CWE-Other | CVE-2023-3518 | 2024-09-27 06:15 | 2023-08-10
946 | 5.3 | MEDIUM | Network | hashicorp | nomad | HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in … | CWE-862 Missing Authorization | CVE-2023-3300 | 2024-09-27 06:15 | 2023-07-20
947 | 2.7 | LOW | Network | hashicorp | nomad | HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2023-3299 | 2024-09-27 06:15 | 2023-07-20
948 | 7.5 | HIGH | Network | openplcproject | openplc_v3_firmware | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet… | CWE-704 Incorrect Type Conversion or Cast | CVE-2024-39590 | 2024-09-27 06:02 | 2024-09-19
949 | 7.5 | HIGH | Network | openplcproject | openplc_v3_firmware | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can… | CWE-125 Out-of-bounds Read | CVE-2024-36981 | 2024-09-27 05:55 | 2024-09-19
950 | 7.5 | HIGH | Network | openplcproject | openplc_v3_firmware | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can… | CWE-125 Out-of-bounds Read | CVE-2024-36980 | 2024-09-27 05:53 | 2024-09-19