Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-17 | CVE-2023-3587 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state so that any user with a valid sharing link can join the board with editor access, without the UI showing the updated permissions. | 2.7 |
2023-07-17 | CVE-2023-3613 | Incorrect Authorization vulnerability in Mattermost Server Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default. | 3.5 |
2023-07-17 | CVE-2023-3614 | Resource Exhaustion vulnerability in Mattermost Server Mattermost fails to properly validate a GIF image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to a specially crafted image file. | 3.3 |
2023-07-13 | CVE-2023-30565 | Cleartext Transmission of Sensitive Information vulnerability in BD Guardrails CQI Reporter 10.17 An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. | 3.5 |
2023-07-13 | CVE-2023-2620 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. | 3.8 |
2023-07-13 | CVE-2023-3363 | Information Exposure Through Log Files vulnerability in Gitlab An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. | 3.8 |
2023-07-13 | CVE-2023-21246 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. | 3.3 |
2023-07-13 | CVE-2023-21262 | Race Condition vulnerability in Google Android 12.0/12.1/13.0 In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. | 3.1 |
2023-07-12 | CVE-2023-37948 | Improper Input Validation vulnerability in Jenkins Cloud Infrastructure Compute Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. | 3.7 |
2023-07-12 | CVE-2023-38069 | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1.4, the license dialog could be suppressed in certain cases. | 3.3 |