175 matches found

UbuntuCve
added 2020/04/14 2:15 a.m. · 23 views

CVE-2019-11480

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a...

CVSS 8.4 · AI score 7.1 · EPSS 0.00427
Exploits: 1 · References: 1

CVE
added 2020/04/14 2:10 a.m. · 91 views

CVE-2019-11480

The CVE concerns the pc-kernel snap build process, where the build chroot is created with hardcoded --allow-insecure-repositories and --allow-unauthenticated apt options. This design enables a MITM attacker on the path between the build environment and the Ubuntu archive to insert a malicious pac...

CVSS 8.4 · AI score 8.1 · EPSS 0.00427
Exploits: 1 · References: 2 · Affected Software: 1

Gitee
added 2020/03/20 5:2 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

AI score 7.1
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 19 views

(0Day) Jenkins Delphix Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Delphix. Authentication is required to exploit this vulnerability. The specific flaw exists within the Delphix plugin. The issue results from storing credentials in plaintext. An...

CVSS 3.3 · AI score 1.8
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 12 views

(0Day) Jenkins Extensive Testing Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Extensive Testing. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extensive Testing plugin. The issue results from storing credentials in...

CVSS 3.3 · AI score 1.5
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 16 views

(0Day) Jenkins Sofy.AI Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Sofy.AI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Sofy.AI plugin. The issue results from storing credentials in plaintext. An...

CVSS 3.3 · AI score 2
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 31 views

Jenkins iceScrum Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins iceScrum. Authentication is required to exploit this vulnerability. The specific flaw exists within the iceScrum plugin. The issue results from storing credentials in plaintext. An...

CVSS 3.3 · AI score 1.9 · EPSS 0.00112
Exploits: 0 · References: 1

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 12 views

(0Day) Jenkins Fortify on Demand Uploader Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Fortify On Demand Uploader. Authentication is required to exploit this vulnerability. The specific flaw exists within the Fortify On Demand Uploader plugin. The issue results from...

CVSS 3.3 · AI score 1.7
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 11 views

(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue results from storing credentials in...

CVSS 3.3 · AI score 1.6
Exploits: 0

Zero Day Initiative
added 2019/10/30 12:0 a.m. · 15 views

(0Day) Jenkins ElasticBox CI Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins ElasticBox CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the ElasticBox CI plugin. The issue results from storing credentials in...

CVSS 3.3 · AI score 1.6
Exploits: 0

Zero Day Initiative
added 2019/09/17 12:0 a.m. · 29 views

Jenkins Gogs Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Gogs. Authentication is required to exploit this vulnerability. The specific flaw exists within the Gogs plugin. The issue results from storing credentials in plaintext. An attacker ca...

CVSS 3.3 · AI score 1.7 · EPSS 0.00084
Exploits: 0 · References: 1

Zero Day Initiative
added 2019/09/17 12:0 a.m. · 26 views

Jenkins Skytap Cloud CI Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Skytap Cloud CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Skytap Cloud CI plugin. The issue results from storing credentials in...

CVSS 3.3 · AI score 1.6 · EPSS 0.00167
Exploits: 0 · References: 1

Positive Technologies
added 2019/07/03 12:0 a.m. · 8 views

PT-2019-11466 · Jetbrains · Kotlin

Name of the Vulnerable Software and Affected Versions: JetBrains Kotlin versions prior to 1.3.30 Description: The issue allows for a potential MITM attack due to the resolution of artifacts using an http connection during the build process. Recommendations: For versions prior to 1.3.30, update to...

CVSS 8.1 · AI score 7.9 · EPSS 0.00012
Exploits: 2 · References: 5

Tenable Nessus
added 2019/01/03 12:0 a.m. · 36 views

Fedora 28 : glibc (2018-060302dc83)

This update for the glibc package addresses one moderate security vulnerability and several defects. - CVE-2018-19591: A file descriptor leak in ifnametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido...

CVSS 7.5 · AI score 7.3 · EPSS 0.01775
Exploits: 1 · References: 3

Tenable Nessus
added 2019/01/03 12:0 a.m. · 40 views

Fedora 29 : glibc (2018-f6b7df660d)

This update for the glibc package addresses one moderate security vulnerability and a minor defect : - CVE-2018-19591: A file descriptor leak in ifnametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido...

CVSS 7.5 · AI score 7.4 · EPSS 0.01775
Exploits: 1 · References: 2

n0where
added 2018/05/24 6:52 p.m. · 20 views

Windows Packer Project for Defenders: DARKSURGEON

Darksurgeon is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. Darksurgeon has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

Exploits: 0 · References: 1

Fedora
added 2016/12/10 2:52 a.m. · 30 views

[SECURITY] Fedora 23 Update: flex-2.6.0-2.fc23

The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...

CVSS 9.8 · AI score 1.9 · EPSS 0.36245
Exploits: 0

Cvelist
added 2016/06/30 4:0 p.m. · 37 views

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 Liberty director and Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo director aka overcloud-full use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...

AI score 8.9 · EPSS 0.00108
Exploits: 0 · References: 3

CVE
added 2016/06/30 4:0 p.m. · 58 views

CVE-2016-4474

CVE-2016-4474 affects Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) overcloud-full images. The image build process uses a default root password (ROOTPW/rootpw), enabling potential remote root access via unspecified vectors. Red Hat ad...

CVSS 8.8 · AI score 8.8 · EPSS 0.00108
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2016/06/13 9:25 p.m. · 27 views

Important: Red Hat Security Advisory: rhosp-director-images security and bug fix update

Updated deployment images are now available for Red Hat OpenStack Platform 7.0 Kilo director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 8.8 · AI score 7.4 · EPSS 0.00108
Exploits: 0 · References: 2