Lucene search
K

50 matches found

OSV
OSV
added 2024/03/06 10:57 a.m.14 views

BIT-DISCOURSE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.9CVSS4.9AI score0.00388EPSS
Exploits0References2
NVD
NVD
added 2023/04/18 10:15 p.m.14 views

CVE-2023-30606

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.9CVSS4.6AI score0.00388EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 10:15 p.m.23 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

3.3CVSS5.2AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/18 9:36 p.m.17 views

CVE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.2CVSS5.7AI score0.00388EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.5 views

SUSE CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

8.8CVSS9AI score0.01204EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.30 views

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin

Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS4.3AI score0.01938EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/24 10:0 p.m.26 views

GHSA-V558-FHW2-V46W Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin

Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS8.9AI score0.01938EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/04/30 6:19 p.m.23 views

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

7.5CVSS7.1AI score0.01427EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2021/06/29 4:24 p.m.2 views

ruby: Code injection via command argument of Shell#test / Shell#[]

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

8.1CVSS7.4AI score0.04221EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.6 views

Apache Dubbo代码问题漏洞

Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. The product provides interface-based remote calling , fault tolerance and load balancing and automatic service registration and discovery. A deserialization vulnerability...

9.8CVSS6.1AI score0.04197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/12/06 11:53 a.m.37 views

CVE-2019-10328

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.9CVSS3.4AI score0.01938EPSS
Exploits0References4
PyPA
PyPA
added 2020/09/30 9:15 p.m.6 views

PYSEC-2020-223

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

8.1CVSS6.8AI score0.02001EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/09/30 9:15 p.m.36 views

Design/Logic Flaw

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

5.5CVSS7.8AI score0.02001EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/30 8:48 p.m.99 views

CVE-2020-13952

Apache Superset CVE-2020-13952 affects all versions

8.1CVSS7.7AI score0.02001EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/30 12:0 a.m.4 views

PT-2020-13800 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 0.37.2 Description: The issue allows authenticated users running queries against Hive and Presto database engines to access sensitive information, including the contents of query description metadata database...

8.6CVSS6.9AI score0.02001EPSS
Exploits0References9
NVD
NVD
added 2020/01/08 8:15 p.m.18 views

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

6.1CVSS6.6AI score0.00609EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/12/02 6:16 p.m.72 views

Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.6AI score0.01157EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/11/14 12:15 a.m.13 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2019/09/25 4:15 p.m.13 views

Code injection

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

6.5CVSS9.5AI score0.01205EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2019/07/03 11:56 a.m.9 views

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.9CVSS6.8AI score0.01938EPSS
Exploits0References5
Rows per page
Query Builder