Lucene search
K

5112 matches found

Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.29 views

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4AI score0.00705EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/16 12:0 a.m.26 views

GHSA-794J-HX96-4W3M CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

7.1CVSS6.5AI score0.00887EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/03/16 12:0 a.m.139 views

Wireshark 3.6.x < 3.6.2 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.2 advisory. - Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...

9.8CVSS6.8AI score0.02374EPSS
Exploits5References16
NVD
NVD
added 2022/03/15 5:15 p.m.29 views

CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS0.00705EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 12:2 a.m.0 views

GHSA-9RR6-JPG7-9JG6 Authentication Bypass by Capture-replay in Apache Spark

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...

8.7CVSS7.2AI score0.01817EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/03/11 12:2 a.m.36 views

Authentication Bypass by Capture-replay in Apache Spark

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...

7.5CVSS7.7AI score0.01817EPSS
Exploits0References5Affected Software2
Citrix
Citrix
added 2022/03/10 12:0 a.m.13 views

EPA scan Fails. Error: Failed sending epaq

Error: Failed sending Epaq We will see following error in plugin logs: 2022-01-14 07:03:05.860 | Tid: 10876 | ERROR | nsstartepa | 1030 | Failed sending GET epaq. Return code: -4 2022-01-14 07:03:05.860 | Tid: 10876 | DEBUG | nsstartepa returning Failed sending epaq Following message will be seen...

7.1AI score
Exploits0
OSV
OSV
added 2022/03/09 8:15 p.m.6 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.8CVSS7.5AI score0.1226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/09 8:15 p.m.4 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.8CVSS7.5AI score0.1226EPSS
Exploits0References3
Prion
Prion
added 2022/03/09 8:15 p.m.16 views

Authentication flaw

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

7.5CVSS9.3AI score0.1226EPSS
Exploits0References1Affected Software8
CVE
CVE
added 2022/03/09 7:30 p.m.135 views

CVE-2022-22806

CVE-2022-22806 describes an Authentication Bypass by Capture-replay affecting APC/Schneider Electric Smart-UPS lines. Affected products and versions (pre-fix): SMT Series &lt;= 04.5, SMC Series &lt;= 04.2, SMTL Series &lt;= 02.9, SCL Series &lt;= 02.5 (and SCL &lt;= 03.1), SMX Series 04.5, SMC &...

9.8CVSS9.4AI score0.1226EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 7:30 p.m.14 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.7AI score0.1226EPSS
Exploits0References1
Veracode
Veracode
added 2022/03/07 5:36 a.m.28 views

Denial Of Service (DoS)

wireshark is vulnerable to denial of service. The vulnerability exists due to an infinite loop in RTMPT protocol dissector allowing an attacker to crash the system via packet injection or crafted capture file...

7.5CVSS3.3AI score0.0202EPSS
Exploits1References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/03/05 12:0 a.m.36 views

openSUSE 15 Security Update : wireshark (openSUSE-SU-2022:0722-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0722-1 advisory. - Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or...

9.8CVSS6.5AI score0.02374EPSS
Exploits5References16
Tenable Nessus
Tenable Nessus
added 2022/03/05 12:0 a.m.42 views

SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2022:0722-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0722-1 advisory. - Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service...

9.8CVSS6.5AI score0.02374EPSS
Exploits5References16
GithubExploit
GithubExploit
added 2022/03/04 12:3 p.m.325 views

Exploit for Authentication Bypass by Capture-replay in Dingtian-Tech Dt-R004_Firmware

CVE-2022-29593 - Authentication Bypass by Capture Replay Ding...

5.9CVSS6AI score0.10436EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:16 p.m.50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS9.7AI score0.49727EPSS
Exploits7Affected Software1
Kitploit
Kitploit
added 2022/03/02 11:30 a.m.83 views

CAPEv2 - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction - hence its name is an acronym: 'Config And Payload Extraction'. Automated unpacking allows classification based on Yara signatures to complement network Suricata and...

8AI score
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:3 a.m.81 views

Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

Summary Apache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. The fix removes Apache Log4j for second third party component used in Datacap...

7.5CVSS1.2AI score0.81147EPSS
Exploits9Affected Software1
Trellix
Trellix
added 2022/02/28 12:0 a.m.10 views

Trellix “Catmen Sanfrancisco” Capture the Flag Results!

Trellix “Catmen Sanfrancisco” Capture the Flag Results! By Trellix · February 28, 2022 This story was written by Steve Povolny. And just like that, it’s all over! Our annual Capture the Flag contest expired at 11:59pm PST, on February 25th. We wanted to take a moment to thank all of our...

6.6AI score
Exploits0
Rows per page
Query Builder