Lucene search
+L

214 matches found

Hacker One
Hacker One
added 2020/01/15 10:33 p.m.347 views

Kubernetes: Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.

Hello, Who we are : We’re two French security researchers and our respective names are Brice Augras and Christophe Hauquiert, we worked and found the vulnerability together. Brice Augras from https://www.groupe-asten.fr/ company - https://hackerone.com/reeverzax Christophe Hauquiert -...

3.5CVSS6AI score0.03679EPSS
Exploits0
OSV
OSV
added 2019/12/17 3:15 p.m.8 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

8.8CVSS7.3AI score0.0064EPSS
Exploits0References2
Veracode
Veracode
added 2019/08/15 12:8 a.m.29 views

Denial Of Service (Dos)

mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a high privileged attacker to crash the server...

4.9CVSS3.9AI score0.02311EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2019/08/15 12:8 a.m.28 views

Denial Of Service (Dos)

mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a low privileged attacker to crash the server...

6.5CVSS4.4AI score0.02099EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/07 12:0 a.m.7 views

PT-2019-11782 · Jenkins · Jenkins Relution Enterprise Appstore Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Relution Enterprise Appstore Publisher Plugin versions 1.24 and earlier Description: A cross-site request forgery issue allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. Recommendations: For...

4.3CVSS4.5AI score0.00636EPSS
Exploits0References5
Hacker One
Hacker One
added 2019/08/06 5:16 p.m.12 views

ForeScout Technologies: HTML Injection & Content Spoofing

Summary: The Main Search Box of the site "www.forescout.com" is Vulnerable for HTML Injection & Content Spoofing Steps To Reproduce: 1. Visit example link 2. in The Search Box enter HTML Code test 3. in the Result Page, the HTML code Will be render Impact 1. enter the Next Code In The Search Box...

0.2AI score
Exploits0
OSV
OSV
added 2019/08/01 9:15 p.m.2 views

UBUNTU-CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...

7.5CVSS7.3AI score0.01705EPSS
Exploits1References4
OSV
OSV
added 2019/04/04 4:29 p.m.5 views

CVE-2019-10293

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS5.8AI score0.01486EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.3 views

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.5 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS5.7AI score0.01296EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.3 views

CVE-2019-1003091

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11369 · Vmware +1 · Jenkins Vmware Lab Manager Slaves Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin affected versions not specified Description: A missing permission check in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate...

6.5CVSS6.2AI score0.01536EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11370 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method, allowing attackers to initiate a...

6.5CVSS6.3AI score0.01339EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11382 · Jenkins · Jenkins Nomad Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpldoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11380 · Jenkins · Jenkins Soasta Cloudtest Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins SOASTA CloudTest Plugin affected versions not specified Description: A cross-site request forgery issue exists in the CloudTestServer.DescriptorImpldoValidate form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11694 · Jenkins · Jenkins Kmap Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A cross-site request forgery issue exists in the form validation methods of KmapJenkinsBuilder.DescriptorImpl, allowing attackers to initiate a connection to an attacker-specifi...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11348 · Jenkins · Jenkins Ftp Publisher Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin affected versions not specified Description: A cross-site request forgery issue exists in the FTPPublisher.DescriptorImpldoLoginCheck method, allowing attackers to initiate a connection to an attacker-specified...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.8 views

PT-2019-11680 · Jenkins · Jenkins Jenkins-Reviewbot Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A cross-site request forgery issue exists in the ReviewboardDescriptordoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11372 · Jenkins · Jenkins Gearman Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin affected versions not specified Description: A cross-site request forgery issue exists in the GearmanPluginConfigdoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.10 views

PT-2019-11367 · Jenkins · Jenkins Audit To Database Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A missing permission check in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiat...

6.5CVSS6.2AI score0.01486EPSS
Exploits0References5
Rows per page
Query Builder