5118 matches found

CNVD
added 2022/07/04 12:0 a.m. · 25 views

Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin...

CVSS 4 · AI score 2.1 · EPSS 0.00647
Exploits 0 · Affected Software 1

Github Security Blog
added 2022/07/01 12:1 a.m. · 19 views

Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 6.1 · EPSS 0.00647
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/06/30 6:15 p.m. · 21 views

CVE-2022-34780

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · EPSS 0.00468
Exploits 0 · References 1

ATTACKERKB
added 2022/06/30 6:15 p.m. · 2 views

CVE-2022-34780

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.8 · EPSS 0.00468
Exploits 0 · References 3

ATTACKERKB
added 2022/06/30 6:15 p.m. · 5 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.9 · EPSS 0.00647
Exploits 0 · References 3

Positive Technologies
added 2022/06/30 12:0 a.m. · 3 views

PT-2022-22332 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins XebiaLabs XL Release Plugin, allowing attackers with Overall/Read permission to connect to an...

CVSS 6.5 · AI score 6.2 · EPSS 0.00647
Exploits 0 · References 7

CNNVD
added 2022/06/30 12:0 a.m. · 3 views

Jenkins XebiaLabs XL Release Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin...

CVSS 6.5 · AI score 5.6 · EPSS 0.00647
Exploits 0 · References 6

ThreatPost
added 2022/06/22 12:49 p.m. · 42 views

Gamification of Ethical Hacking and Hacking Esports

While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the log4j vulnerability. Traditionally, ethical hacking is undertaken by...

AI score 7.3
Exploits 0 · References 4

OSV
added 2022/06/20 8:20 p.m. · 9 views

MAL-2022-2078 Malicious code in com.unity.modules.screencapture (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5366acc1724e2c06f0d14d7c184f5a94703e4be8fcbcfa54e355e71653d1a39e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

ATTACKERKB
added 2022/06/17 2:15 p.m. · 1 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

CVSS 5.5 · AI score 6.2 · EPSS 0.00742
Exploits 0 · References 3

NVD
added 2022/06/17 2:15 p.m. · 26 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

CVSS 5.5 · EPSS 0.00742
Exploits 0 · References 2

OSV
added 2022/06/17 2:15 p.m. · 24 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

CVSS 5.5 · AI score 6.9
Exploits 0 · References 2

UbuntuCve
added 2022/06/17 2:15 p.m. · 46 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

CVSS 5.5 · AI score 6.2 · EPSS 0.00742
Exploits 0 · References 3

Cvelist
added 2022/06/17 1:39 p.m. · 24 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

AI score 5.8 · EPSS 0.00742
Exploits 0 · References 2

CNVD
added 2022/06/17 12:0 a.m. · 24 views

kkcms SQL Injection Vulnerability

kkcms is an open source video capture and playback system. The system is mainly used to automatically capture video resources and provide online playback. kkcms v1.3.7 has a SQL injection vulnerability that arises because /template/wapian/vlist.php does not filter the...

CVSS 9.8 · AI score 3.8 · EPSS 0.01043
Exploits 1 · References 1

Prion
added 2022/06/13 4:15 p.m. · 15 views

Design/Logic Flaw

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...

CVSS 5 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/06/13 3:40 p.m. · 26 views

CVE-2022-31055 Improper Access Control in kctf

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00588
Exploits 0 · References 3

CVE
added 2022/06/13 3:40 p.m. · 96 views

CVE-2022-31055

Summary: CVE-2022-31055 relates to Google kCTF, a Kubernetes-based CTF infrastructure. Several connected sources confirm that prior to version 1.6.0 the kCTF cluster set-src-ip-ranges feature was broken, effectively allowing traffic from any IP due to improper access control. The issue was patche...

CVSS 7.5 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 3 · Affected Software 1

Kitploit
added 2022/06/10 12:30 p.m. · 52 views

PacketStreamer - Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...

AI score 7.4
Exploits 0 · References 10

The Hacker News
added 2022/06/09 12:8 p.m. · 41 views

Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector

Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal...

AI score 0.7
Exploits 0