
5122 matches found

Prion
added 2022/09/21 4:15 p.m. · 18 views

Design/Logic Flaw

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4 · AI score 6.3 · EPSS 0.00536
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/09/21 3:46 p.m. · 4 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 6.4 · EPSS 0.00658
Exploits: 0 · References: 2

Cvelist
added 2022/09/21 3:46 p.m. · 27 views

CVE-2022-41253

A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 8.9 · EPSS 0.00472
Exploits: 0 · References: 2

Vulnrichment
added 2022/09/21 3:46 p.m. · 3 views

CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 6.4 · EPSS 0.00536
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/21 12:0 a.m. · 1 views

PT-2022-25769 · Jenkins · Jenkins Cons3Rt Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 8.8 · AI score 8.5 · EPSS 0.00472
Exploits: 0 · References: 7

CNNVD
added 2022/09/21 12:0 a.m. · 4 views

Jenkins CONS3RT Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...

CVSS 8.8 · AI score 7.8 · EPSS 0.00472
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/21 12:0 a.m. · 5 views

PT-2022-25760 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturin...

CVSS 8.8 · AI score 8.6 · EPSS 0.00418
Exploits: 0 · References: 6

Positive Technologies
added 2022/09/21 12:0 a.m. · 2 views

PT-2022-25766 · Jenkins · Jenkins Scm Httpclient Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials ID...

CVSS 6.5 · AI score 6.3 · EPSS 0.00536
Exploits: 0 · References: 6

Tenable Nessus
added 2022/09/20 12:0 a.m. · 38 views

SUSE SLED15: libwireshark15 / libwiretap12 / libwsutil13 / wireshark / etc (SUSE-SU-2022:3309-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3309-1 advisory. Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop...

CVSS 7.5 · AI score 6.7 · EPSS 0.02205
Exploits: 2 · References: 7

Prion
added 2022/09/16 10:15 p.m. · 13 views

Design/Logic Flaw

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...

CVSS 5 · AI score 7.5 · EPSS 0.01127
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/09/16 8:15 p.m. · 16 views

CVE-2022-3217

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...

AI score 7.7 · EPSS 0.01127
Exploits: 1 · References: 1

NVD
added 2022/09/13 3:15 p.m. · 16 views

CVE-2022-3190

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file...

CVSS 6.3 · EPSS 0.01739
Exploits: 1 · References: 6

UbuntuCve
added 2022/09/13 3:15 p.m. · 25 views

CVE-2022-3190

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file...

CVSS 6.3 · AI score 6.7 · EPSS 0.01739
Exploits: 1 · References: 5

Prion
added 2022/09/13 3:15 p.m. · 22 views

Design/Logic Flaw

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file...

CVSS 1.9 · AI score 5.7 · EPSS 0.01739
Exploits: 1 · References: 5 · Affected Software: 2

NVD
added 2022/09/13 10:15 a.m. · 10 views

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

CVSS 9.8 · EPSS 0.01046
Exploits: 0 · References: 1

Prion
added 2022/09/13 10:15 a.m. · 15 views

Authentication flaw

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

CVSS 7.5 · AI score 9.4 · EPSS 0.01046
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/09/13 12:0 a.m. · 2 views

Wireshark Security Vulnerability

Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial-of-service vulnerability that stems from an infinite loop in its...

CVSS 6.3 · AI score 7.1 · EPSS 0.01739
Exploits: 1 · References: 7

CVE
added 2022/09/13 12:0 a.m. · 525 views

CVE-2022-3190

The CVE describes an infinite loop in the F5 Ethernet Trailer protocol dissector of Wireshark. Affected releases include Wireshark 3.6.0–3.6.7 and 3.4.0–3.4.15, where processing crafted captures or packet injections can cause a denial of service. Connected advisories corroborate the issue and ind...

CVSS 6.3 · AI score 5.6 · EPSS 0.01739
Exploits: 1 · References: 6 · Affected Software: 1

CVE
added 2022/09/13 12:0 a.m. · 68 views

CVE-2022-37011

Technical details about CVE-2022-37011 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vendor pages.

CVSS 9.8 · AI score 9.4 · EPSS 0.01046
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/09/13 12:0 a.m. · 32 views

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

AI score 9.7 · EPSS 0.01046
Exploits: 0 · References: 1