Lucene search

545 matches found

SUSE CVE
added 2023/02/15 4:26 a.m. · 5 views

SUSE CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS 7.3 · AI score 8 · EPSS 0.04648
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:21 a.m. · 1 view

SUSE CVE-2023-0242

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

CVSS 8.8 · AI score 7.1 · EPSS 0.00544
Exploits: 0 · References: 3

OSV
added 2023/02/08 6:7 p.m. · 35 views

GHSA-R887-GFXH-M9RR mrpack-install vulnerable to path traversal with dependency

Impact: Importing a malicious .mrpack file can cause path traversal while downloading files. This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing. Patches: No patches yet. Workarounds: Avoid importing .mrpack files from untrusted sources...

CVSS 8.8 · AI score 7.5 · EPSS 0.006
Exploits: 1 · References: 6

Positive Technologies
added 2023/01/24 12:0 a.m. · 3 views

PT-2023-19611 · Jenkins · Jenkins View-Cloner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins view-cloner Plugin versions 1.1 and earlier Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. Users with Extended Read permission or access to the Jenkins controller fi...

CVSS 6.5 · AI score 6.2 · EPSS 0.006
Exploits: 0 · References: 6

Vulnrichment
added 2023/01/24 12:0 a.m. · 5 views

CVE-2023-24450

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score 7 · EPSS 0.006
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/18 12:0 a.m. · 8 views

PT-2023-16105 · Unknown · Velociraptor

Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.7-5 Description: The issue allows a low privilege user to overwrite files on the server, including Velociraptor configuration files, due to the VQL copy function not checking for permission to write files. T...

CVSS 8.8 · AI score 5 · EPSS 0.00744
Exploits: 0 · References: 11

CNNVD
added 2022/12/28 12:0 a.m. · 4 views

Esri ArcGIS Server Path Traversal Vulnerability

Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri), Inc. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 and earlier, which stems from a path traversal vulnerability...

CVSS 7.5 · AI score 7.2 · EPSS 0.01333
Exploits: 0 · References: 3

OSV
added 2022/12/02 8:15 p.m. · 4 views

CVE-2022-2640

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...

CVSS 7.5 · AI score 5.8 · EPSS 0.00246
Exploits: 0 · References: 1

Prion
added 2022/12/02 8:15 p.m. · 15 views

Design/Logic Flaw

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)...

CVSS 5 · AI score 7.9 · EPSS 0.00246
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/11/24 6:30 p.m. · 2 views

GHSA-JVC3-WJF6-7C6C Apache Dolphin Scheduler has insufficiently protected credentials

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVSS 7.5 · AI score 7.1 · EPSS 0.01234
Exploits: 0 · References: 4

NVD
added 2022/11/24 4:15 p.m. · 24 views

CVE-2022-26885

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVSS 7.5 · EPSS 0.01234
Exploits: 0 · References: 1

OSV
added 2022/11/24 4:15 p.m. · 24 views

CVE-2022-26885

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 1

Prion
added 2022/11/24 4:15 p.m. · 24 views

Design/Logic Flaw

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVSS 5 · AI score 7.5 · EPSS 0.01234
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/11/24 12:0 a.m. · 5 views

PT-2022-18122 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.6 Description: When using tasks to read config files, there is a risk of database password disclosure. Recommendations: For versions prior to 2.0.6, upgrade to version 2.0.6 or higher...

CVSS 7.5 · AI score 7.4 · EPSS 0.01234
Exploits: 0 · References: 9

CVE
added 2022/11/24 12:0 a.m. · 89 views

CVE-2022-26885

Apache Dolphin Scheduler is affected by CVE-2022-26885, where using tasks to read config files can disclose database passwords. The issue stems from improper handling of logs in LoggerRequestProcessor.java, per Veracode and related advisories. Affected product: Dolphin Scheduler server; vulnerabi...

CVSS 7.5 · AI score 7.5 · EPSS 0.01234
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/15 12:0 a.m. · 9 views

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

AI score 7 · EPSS 0.00636
Exploits: 0 · References: 2

Cvelist
added 2022/10/19 12:0 a.m. · 18 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score 6.6 · EPSS 0.00668
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/19 12:0 a.m. · 6 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score 6.4 · EPSS 0.00668
Exploits: 0 · References: 2

CNNVD
added 2022/10/18 12:0 a.m. · 3 views

Red Hat OpenStack Platform Security Vulnerability

Red Hat OpenStack Platform is a cloud computing management platform from the US-based Red Hat, Inc. A security vulnerability exists in Red Hat OpenStack Platform versions 16.1 and 16.2, which stems from an insecure default configuration in Tripleo-ansible, where permissions on sensitive files are...

CVSS 5.5 · AI score 6.2 · EPSS 0.002
Exploits: 0 · References: 4

NVD
added 2022/06/30 6:15 p.m. · 25 views

CVE-2022-34806

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00686
Exploits: 0 · References: 1