
1393 matches found

Qualys Blog
added 2024/08/14 10:50 p.m. | 22 views

Our Takeaways From 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP): Insights and Market Evolution

Are your cloud-native applications and multi-cloud infrastructure adequately protected against evolving threats? How confident are you in your current security measures for cloud workloads and containerized environments? The recent Gartner Market Guide for Cloud-Native Application Protection...

AI score 7.2
Exploits: 0

IBM Security Bulletins
added 2024/07/30 5:23 p.m. | 28 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a...

CVSS 7.5 | AI score 7.6 | EPSS 0.01433
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2024/07/26 8:58 p.m. | 60 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.13.1 security update

An update is now available for Red Hat OpenShift GitOps v1.13.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 7 | EPSS 0.01392
Exploits: 1 | References: 2

Vulnrichment
added 2024/07/18 5:4 p.m. | 33 views

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...

CVSS 10 | AI score 9.8 | EPSS 0.01272
Exploits: 0 | References: 2

Cvelist
added 2024/07/18 5:4 p.m. | 42 views

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...

CVSS 10 | EPSS 0.01272
Exploits: 0 | References: 2

CVE
added 2024/07/18 5:4 p.m. | 63 views

CVE-2024-40629

CVE-2024-40629 affects JumpServer PAM. An attacker can misuse an Ansible playbook to write arbitrary files, triggering remote code execution in the Celery container. The Celery container runs as root and has database access, enabling access to secrets and the possibility to create an admin JumpSe...

CVSS 10 | AI score 9.9 | EPSS 0.01272
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/07/15 1:22 p.m. | 38 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2023-6237, CVE-2023-6129, CVE-2023-5678, CVE-2024-0727 Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in...

CVSS 6.5 | AI score 6.9 | EPSS 0.04459
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/07/15 1:21 p.m. | 36 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2023-46219, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw...

CVSS 6.5 | AI score 6.5 | EPSS 0.01685
Exploits: 2 | Affected Software: 1

BDU FSTEC
added 2024/07/15 12:0 a.m. | 5 views

The vulnerability of the Azure DevOps Server software lies in the lack of protective measures for the website structure, allowing attackers to perform spear-phishing attacks.

The vulnerability of the Azure DevOps Server development tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...

CVSS 8.7 | AI score 5.4 | EPSS 0.01582
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2024/07/15 12:0 a.m. | 10 views

The vulnerability of the Azure DevOps Server software lies in the lack of protective measures for the website structure, allowing attackers to perform spear-phishing attacks.

The vulnerability of the Azure DevOps Server development tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...

CVSS 8.7 | AI score 5.4 | EPSS 0.01582
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/07/09 5:15 p.m. | 4 views

CVE-2024-35267

Azure DevOps Server Spoofing Vulnerability...

CVSS 7.6 | AI score 5.8 | EPSS 0.01582
Exploits: 0 | References: 1

OSV
added 2024/07/09 5:15 p.m. | 6 views

CVE-2024-35266

Azure DevOps Server Spoofing Vulnerability...

CVSS 7.6 | AI score 5.8 | EPSS 0.01582
Exploits: 0 | References: 1

NVD
added 2024/07/09 5:15 p.m. | 24 views

CVE-2024-35266

Azure DevOps Server Spoofing Vulnerability...

CVSS 7.6 | EPSS 0.01582
Exploits: 0 | References: 1

NVD
added 2024/07/09 5:15 p.m. | 30 views

CVE-2024-35267

Azure DevOps Server Spoofing Vulnerability...

CVSS 7.6 | EPSS 0.01582
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 5:2 p.m. | 27 views

CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability

...

CVSS 7.6 | EPSS 0.01582
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 5:2 p.m. | 20 views

CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability

...

CVSS 7.6 | AI score 6.9 | EPSS 0.01582
Exploits: 0 | References: 1

CVE
added 2024/07/09 5:2 p.m. | 72 views

CVE-2024-35267

CVE-2024-35267 is Azure DevOps Server Spoofing Vulnerability. Connected docs confirm a vulnerability in Azure DevOps Server enabling spoofing/impersonation of other users (CVE-2024-35267; CVSSv3 base 7.6, AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L). Microsoft’s accompanying advisories indicate updates a...

CVSS 7.6 | AI score 7.6 | EPSS 0.01582
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/07/09 5:2 p.m. | 14 views

CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability

...

CVSS 7.6 | AI score 7.5 | EPSS 0.01582
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 5:2 p.m. | 48 views

CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability

...

CVSS 7.6 | EPSS 0.01582
Exploits: 0 | References: 1

CVE
added 2024/07/09 5:2 p.m. | 95 views

CVE-2024-35266

Azure DevOps Server Spoofing Vulnerability (CVE-2024-35266) affects Microsoft Azure DevOps Server/TFS. The incident arises from a spoofing flaw in the server, enabling a threat actor to impersonate another user over the network. The CVSS v3.1 base score is 7.6 (HIGH), with network access required...

CVSS 7.6 | AI score 7.6 | EPSS 0.01582
Exploits: 0 | References: 1 | Affected Software: 1