
5112 matches found

BDU FSTEC
added 2022/02/16 12:0 a.m. · 8 views

The vulnerability of the Screen Capture function in the Google Chrome browser allows a hacker to gain access to confidential information.

The vulnerability of the Screen Capture function in Google Chrome browser relates to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information through a specially created web page...

CVSS 10 · AI score 7.1 · EPSS 0.00761
Exploits 0 · References 6 · Affected Software 4
OSV
added 2022/02/15 5:15 p.m. · 4 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 1
ATTACKERKB
added 2022/02/15 5:15 p.m. · 8 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 2
OSV
added 2022/02/15 5:15 p.m. · 3 views

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.8 · EPSS 0.00898
Exploits 0 · References 1
OSV
added 2022/02/15 5:15 p.m. · 2 views

CVE-2022-25200

A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 7.2 · EPSS 0.00544
Exploits 0 · References 2
OSV
added 2022/02/15 5:15 p.m. · 2 views

CVE-2022-25192

A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 7.2 · EPSS 0.00644
Exploits 0 · References 1
OSV
added 2022/02/15 5:15 p.m. · 4 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 5.8 · EPSS 0.00731
Exploits 0 · References 1
Prion
added 2022/02/15 5:15 p.m. · 13 views

Design/Logic Flaw

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4 · AI score 6.3 · EPSS 0.00731
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/02/15 5:15 p.m. · 14 views

Design/Logic Flaw

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 4 · AI score 6.3 · EPSS 0.00796
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/02/15 4:11 p.m. · 171 views

CVE-2022-25210

CVE-2022-25210 affects the Jenkins Convertigo Mobile Platform Plugin up to version 1.1. The vulnerability arises from using static fields to store job configuration information, enabling attackers with Item/Configure permission to capture passwords for jobs that will be configured. This is descri...

CVSS 6.5 · AI score 6.5 · EPSS 0.00796
Exploits 0 · References 1 · Affected Software 1
AlpineLinux
added 2022/02/15 4:11 p.m. · 105 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4.7 · EPSS 0.00731
Exploits 0 · References 1
Cvelist
added 2022/02/15 4:11 p.m. · 25 views

CVE-2022-25192

A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 8.9 · EPSS 0.00644
Exploits 0 · References 1
RedhatCVE
added 2022/02/15 4:29 a.m. · 45 views

CVE-2022-0586

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

CVSS 7.8 · AI score 3.4 · EPSS 0.0202
Exploits 1 · References 4
RedhatCVE
added 2022/02/15 4:29 a.m. · 92 views

CVE-2022-0582

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

CVSS 9.8 · AI score 4.4 · EPSS 0.02047
Exploits 1 · References 4
CNNVD
added 2022/02/15 12:0 a.m. · 3 views

Jenkins Snow Commander Plugin cross-site request forgery vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Snow Commander Plugin 2.0 and earlier versions contain a cross-site request forgery vulnerability that stems from a...

CVSS 8.8 · AI score 5.5 · EPSS 0.00644
Exploits 0 · References 5
Positive Technologies
added 2022/02/15 12:0 a.m. · 1 views

PT-2022-17139 · Jenkins · Jenkins Checkmarx Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.1.2 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs, capturing credentials...

CVSS 8.8 · AI score 8.5 · EPSS 0.00544
Exploits 0 · References 7
CNNVD
added 2022/02/15 12:0 a.m. · 9 views

Jenkins plugin permissions, privileges and access control vulnerability

The Jenkins Plugin is a plug-in that provides appropriate functionality for Jenkins. Jenkins Checkmarx Plugin Access Control Error vulnerability. An attacker could use this vulnerability to connect to an attacker-specified Web server via an attacker-specified credential ID to capture credentials...

CVSS 6.5 · AI score 5.6 · EPSS 0.00731
Exploits 0 · References 5
Tenable Nessus
added 2022/02/15 12:0 a.m. · 29 views

SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2022:0375-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0375-1 advisory. - Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection...

CVSS 7.5 · AI score 6.8 · EPSS 0.03879
Exploits 6 · References 20
Tenable Nessus
added 2022/02/15 12:0 a.m. · 36 views

openSUSE 15 Security Update : wireshark (openSUSE-SU-2022:0375-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0375-1 advisory. - Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted captu...

CVSS 7.5 · AI score 6.8 · EPSS 0.03879
Exploits 6 · References 20
OSV
added 2022/02/14 10:15 p.m. · 4 views

AZL-8613 CVE-2022-0583 affecting package wireshark for versions less than 3.4.14-1

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file...

CVSS 7.5 · AI score 7.2 · EPSS 0.01839
Exploits 1 · References 1