Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-3587 Missing Authorization vulnerability in Mattermost Server
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
network
low complexity
mattermost CWE-862
2.7
2023-07-17 CVE-2023-3613 Incorrect Authorization vulnerability in Mattermost Server
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
network
low complexity
mattermost CWE-863
3.5
2023-07-17 CVE-2023-3614 Resource Exhaustion vulnerability in Mattermost Server
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.
local
low complexity
mattermost CWE-400
3.3
2023-07-13 CVE-2023-30565 Cleartext Transmission of Sensitive Information vulnerability in BD Guardrails CQI Reporter 10.17
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
low complexity
bd CWE-319
3.5
2023-07-13 CVE-2023-2620 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1.
network
low complexity
gitlab
3.8
2023-07-13 CVE-2023-3363 Information Exposure Through Log Files vulnerability in Gitlab
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.
local
low complexity
gitlab CWE-532
3.8
2023-07-13 CVE-2023-21246 Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception.
local
low complexity
google CWE-754
3.3
2023-07-13 CVE-2023-21262 Race Condition vulnerability in Google Android 12.0/12.1/13.0
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition.
network
high complexity
google CWE-362
3.1
2023-07-12 CVE-2023-37948 Improper Input Validation vulnerability in Jenkins Cloud Infrastructure Compute
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.
network
high complexity
jenkins CWE-20
3.7
2023-07-12 CVE-2023-38069 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
local
low complexity
jetbrains
3.3