
299 matches found

Vulnrichment
added 2024/01/24 5:52 p.m. · 29 views

CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...

9.6 AI score · 0.99999 EPSS
Exploits 45 · References 5

CNNVD
added 2024/01/24 12:0 a.m. · 3 views

Jenkins Plugin Git server security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 6.9 AI score · 0.01262 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-2758 · Jenkins +1 · Jenkins Log Command Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Log Command Plugin versions 1.0.2 and earlier
Description: The issue is related to the command parser feature in the Jenkins Log Command Plugin, which replaces an '@' character followed by a file path in an argument with the file's...

7.8 CVSS · 6.8 AI score · 0.00875 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2024/01/24 12:0 a.m. · 102 views

Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.426.3 or Jenkins weekly prior to 2.442. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disabl...

9.8 CVSS · 8.9 AI score · 0.99999 EPSS
Exploits 46 · References 3

Positive Technologies
added 2023/01/26 12:0 a.m. · 5 views

PT-2023-13942 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020
Description: The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...

9.8 CVSS · 7.6 AI score · 0.01837 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/07/13 7:15 p.m. · 3 views

CVE-2022-20221

In avrcctrlparsvendorcmd of avrcparsct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

6.5 CVSS · 6.7 AI score · 0.00235 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/06/22 12:0 a.m. · 3 views

PT-2022-3059 · Cisco · Cisco Firepower Services Software For Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco FirePOWER Services Software for ASA, affected versions not specified
Description: The issue is related to improper handling of undefined command parameters in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA)...

9 CVSS · 7.4 AI score · 0.39862 EPSS
Exploits 4 · References 10

Prion
added 2022/05/03 4:15 a.m. · 15 views

Input validation

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...

4.6 CVSS · 7.5 AI score · 0.00257 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/05/03 3:16 a.m. · 125 views

CVE-2022-20729

Cisco Firepower Threat Defense (FTD) Software CLI is affected by an XML injection vulnerability due to insufficient input validation in the command parser. An authenticated, local attacker could supply crafted input to inject XML, potentially causing unexpected command processing and output. Cisc...

7.8 CVSS · 5.9 AI score · 0.00257 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/05/03 3:16 a.m. · 16 views

CVE-2022-20729 Cisco Firepower Threat Defense Software XML Injection Vulnerability

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...

4.4 CVSS · 7.8 AI score · 0.00257 EPSS
Exploits 0 · References 1

CNVD
added 2022/04/29 12:0 a.m. · 9 views

Cisco Firepower Threat Defense Input Validation Error Vulnerability

Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...

7.8 CVSS · 3.2 AI score · 0.00257 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/04/27 4:0 p.m. · 3 views

CVE-2022-20729

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...

7.8 CVSS · 7.1 AI score · 0.00257 EPSS
Exploits 0 · References 2

Cisco
added 2022/04/27 4:0 p.m. · 23 views

Cisco Firepower Threat Defense Software XML Injection Vulnerability

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...

4.4 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 1

CNNVD
added 2022/04/27 12:0 a.m. · 3 views

Cisco Firepower Threat Defense Security Vulnerability

Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...

7.8 CVSS · 5.6 AI score · 0.00257 EPSS
Exploits 0 · References 5

OSV
added 2022/04/14 8:15 p.m. · 2 views

CVE-2021-44375

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2022/04/14 8:15 p.m. · 2 views

CVE-2021-44366

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2022/04/14 8:15 p.m. · 7 views

CVE-2021-44394

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 0.0172 EPSS
Exploits 1 · References 1

Prion
added 2022/04/14 8:15 p.m. · 15 views

Design/Logic Flaw

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

5 CVSS · 7.5 AI score · 0.0172 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2022/04/14 8:15 p.m. · 15 views

Design/Logic Flaw

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

5 CVSS · 7.5 AI score · 0.0172 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2022/04/14 8:15 p.m. · 10 views

Design/Logic Flaw

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

5 CVSS · 7.5 AI score · 0.0172 EPSS
Exploits 1 · References 1 · Affected Software 1