2867 matches found
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
Jenkins promoted builds Plugin provides dedicated support for defining promotions using Job DSL Plugin. Promoted builds Plugin 873.v6149dbd64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with...
CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...
CVE-2022-22515 A component of the CODESYS Control runtime system allows read and write access to configuration files
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...
WordPress KingComposer Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress KingComposer has a cross-site scripting...
3s-smart Software Solutions CODESYS Control Security Vulnerability
3s-smart Software Solutions CODESYS Control is a suite of industrial control programming software from 3s-smart Software Solutions, Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control, which can be exploited by an unauthenticated, remote attacker who ca...
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Spring Cloud Config, by VMware Tanzu, contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...
GHSA-HM3X-JWWF-JPR9 Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...
Information disclosure
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...
The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, stems from the use of memory after it has been freed. This allows an attacker to execute arbitrary code.
The vulnerability of the development environment provided by CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
SUSE-FU-2022:0750-1 Feature update for SUSE Manager Client Tools
This feature update fixes the following issues: cobbler: - Move configuration files ownership to apache (bsc#1195906) - Make configuration files only readable by root (bsc#1193671, CVE-2021-45083) golang-github-prometheus-prometheus: - Upgrade to upstream version 2.32.1 (jsc#SLE-22863) + Bugfixes: Scrape:...
OPENSUSE-SU-2022:0727-1 Security update for libeconf, shadow and util-linux
This security update for libeconf, shadow and util-linux fixes the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in...
JetBrains TeamCity XML External Entity Handling Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in JetBrains TeamCity, which stems from the...
Security update for cobbler (important)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2022:0062-1 Rating: important References: 1184561 1185679 1186124 1189458 1193671 1193673 1193675 1193676 1193678 1194333 1195906 1195918 Cross-References: CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 CVE-2021-4508...
File Descriptor Leak
Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...
CVE-2020-10632
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...