Lucene search
+L

214 matches found

OSV
OSV
added 2022/10/31 6:15 a.m.0 views

DEBIAN-CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS7.5AI score0.01634EPSS
Exploits0References1
OSV
OSV
added 2022/10/03 12:0 a.m.11 views

UBUNTU-CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS7.3AI score0.01634EPSS
Exploits0References4
OSV
OSV
added 2022/09/21 4:15 p.m.5 views

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS5.7AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.6 views

Jenkins SCM HttpClient Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

8.8CVSS7.8AI score0.0039EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Jenkins CONS3RT Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00676EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.2 views

CVE-2022-34780

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.8AI score0.00468EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.5 views

Jenkins XebiaLabs XL Release Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins XebiaLabs XL Release Plugin 22.0....

6.5CVSS5.5AI score0.00468EPSS
Exploits0References6
Hacker One
Hacker One
added 2022/06/29 5:19 p.m.17 views

Radancy: Admin account/panel takeOver and Doing actions in admin panel via DOM-based XSS

Hello team , I found Dom-XSS in your https://████████/ Webmail Admin Panel that manage attacker to stealing admin sensitive info and doing any action in your webmail admin panel . why and how this vulnerability happen : - if your reviewed the source code of this endpoint of the admin panel "...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.1 views

PT-2022-22074 · Jenkins · Jenkins Easyqa Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins EasyQA Plugin versions 1.0 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. The form validation method is also vulnerable ...

4.3CVSS4.7AI score0.00525EPSS
Exploits0References5
Huntr
Huntr
added 2022/06/14 10:29 a.m.20 views

Forward credential header to attacker host

Description Some Admins set the "Authorization" header with the help of a reverse proxy to restrict initial access to the Drawio application server. In this kind of setup, the "Authorization" header should always be sent to the reverse proxy, and the reverse proxy will forward it to Drawio But Th...

0.6AI score
Exploits0
CVE
CVE
added 2022/04/13 5:6 p.m.91 views

CVE-2022-1337

Mattermost’s image proxy component in version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, enabling an authenticated attacker to crash the server by accessing links to very large image files. The consolidated set of sources (CVE-2022-1337 entries across NVD, Red Hat,...

6.5CVSS5.2AI score0.00882EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/23 12:0 a.m.4 views

CVE-2021-36777

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...

8.8CVSS7.2AI score0.00895EPSS
Exploits1References2
OSV
OSV
added 2022/02/15 5:15 p.m.3 views

CVE-2022-25200

A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.2AI score0.00553EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.5 views

Jenkins Plugin Snow Commander 权限许可和访问控制问题漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Snow Commander Plugin 2.0 and earlier versions are vulnerable to an access control error that stems from not...

6.5CVSS5.7AI score0.00912EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.9 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

6.5CVSS5.8AI score0.00855EPSS
Exploits0References3
OSV
OSV
added 2021/07/09 9:15 p.m.3 views

UBUNTU-CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS7.2AI score0.01106EPSS
Exploits0References4
CNVD
CNVD
added 2021/06/30 12:0 a.m.7 views

Command Execution Vulnerability in NoneCms (CNVD-2021-49167)

NoneCMS is a content management system CMS based on Thinkphp. A command execution vulnerability exists in NoneCms, which can be exploited by an attacker to gain control of the server...

7.5AI score
Exploits0
OSV
OSV
added 2021/04/02 10:15 p.m.4 views

CVE-2021-21532

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file...

6.3CVSS6.6AI score0.00216EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/10/20 1:59 p.m.4 views

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbe...

6.1AI score
Exploits0
CNVD
CNVD
added 2020/07/30 12:0 a.m.3 views

Zoho ManageEngine Desktop Central Integer Overflow Vulnerability

Zoho ManageEngine Desktop Central is integrated desktop and mobile device management software that helps manage servers, laptops, desktops, smartphones and tablets from a central location. An integer overflow vulnerability exists in the client for Zoho ManageEngine Desktop Central versions prior ...

9.8CVSS7AI score0.12666EPSS
Exploits0References1
Rows per page
Query Builder