Lucene search
+L

134 matches found

OSV
OSV
added 2021/03/30 12:16 p.m.4 views

CVE-2021-21634

Jenkins Jabber XMPP notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.6AI score0.00807EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/01/20 4:38 a.m.5 views

jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...

4.3CVSS5.8AI score0.01213EPSS
Exploits0References5
CNVD
CNVD
added 2020/09/18 12:0 a.m.5 views

CloudBees Jenkins Blue Ocean Arbitrary File Read Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Blue Ocean plug-in...

6.5CVSS7AI score0.02126EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/29 1:59 a.m.25 views

CVE-2020-8485 ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

7.8CVSS7.5AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/29 12:0 a.m.5 views

ABB System 800xA for MOD 300 Privilege License and Access Control Issues Vulnerability

ABB System 800xA for MOD 300 is a distributed control system for MOD 300 from ABB Switzerland. A vulnerability in ABB System 800xA for MOD 300 all versions with privilege permission and access control issues can be exploited by a local attacker to inject data, read or write to the controller or...

7.8CVSS6.7AI score0.00326EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/16 12:0 a.m.11 views

PT-2020-6580

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller...

4.6CVSS7.1AI score0.00487EPSS
Exploits1References200
CNVD
CNVD
added 2019/09/04 12:0 a.m.3 views

Authentication Bypass Vulnerability in Triconex SIS System

The Triconex SIS system is a modern programmable logic and process controller. An authentication bypass vulnerability exists in the Triconex SIS system, which could be exploited by an unauthorized attacker to gain access to the controller...

7.2AI score
Exploits0
OSV
OSV
added 2019/04/09 12:0 a.m.4 views

UBUNTU-CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

6.7CVSS6.8AI score0.00358EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11364 · Jenkins · Jenkins Hyper.Sh Commons Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Hyper.sh Commons Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically,...

8.8CVSS8.5AI score0.01365EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11361 · Jenkins · Jenkins Octopusdeploy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...

8.8CVSS8.5AI score0.01365EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/02/28 8:19 a.m.9 views

Ansible: path traversal in the fetch module

A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...

4.2CVSS7.1AI score0.00522EPSS
Exploits0References5
CNVD
CNVD
added 2018/09/29 12:0 a.m.11 views

CMS ISWEB Path Traversal Vulnerability

CMS ISWEB is a content management system CMS. A directory traversal vulnerability exists in CMS ISWEB version 3.5.3. An attacker can exploit this vulnerability to download the config.php file and take control of the application...

9.8CVSS9.5AI score0.0163EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2018/01/25 12:0 a.m.9 views

The vulnerability of the CX-Programmer development environment, related to the reversibility of the password encoding method, allows attackers to obtain the password necessary to access the controller.

The vulnerability of the development environment CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, relates to the reversibility of the password encoding method. Exploiting this vulnerability allows a malicious actor to obtain the passwo...

2.1CVSS5.6AI score0.00334EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2017/10/03 12:0 a.m.42 views

UCOPIA Wireless Appliance 5.1 (Captive Portal) - Root Remote Code Execution Vulnerability

Exploit for linux platform in category remote exploits Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password...

7.1AI score
Exploits0
Rows per page
Query Builder