Jenkins Security Vulnerabilities
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from the fact that using MultipartFormDataParser to handle file uploads...
Design/Logic Flaw
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
Authorization
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization...
CVE-2023-39398
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization...
Exploit for CVE-2023-21746
It is an exploit module/toolkit targeting a vulnerability in a s...
CVE-2023-30945
Multiple services such as VHS (Video History Server), VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
SUSE CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file:...
CVE-2022-46908
A flaw was found in the SQLite package. SQLite could allow a local attacker to bypass security restrictions caused by an issue when relying on --safe for the execution of an untrusted CLI script, potentially leading to arbitrary file read/write...
Delta Electronics InfraSuite Device Master Access Control Error Vulnerability
Delta Electronics InfraSuite Device Master is used to simplify and automate the monitoring of critical devices by Delta Electronics of Taiwan, China. The Delta Electronics InfraSuite Device Master suffers from an access control error vulnerability that stems from deserialization of untrusted data...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, Honeywell Experion PKS Safety Manager has an issue with multiple proprietary protocols exposing unauthenticated functionality. The affected components are...
CVE-2021-33473
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...
Path traversal
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2022-24830 Path Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
Security update for cobbler (important)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2022:0062-1 Rating: important References: 1184561 1185679 1186124 1189458 1193671 1193673 1193675 1193676 1193678 1194333 1195906 1195918 Cross-References: CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 CVE-2021-4508...
Cisco Application Policy Infrastructure Controller arbitrary file read/write vulnerability
Cisco Application Policy Infrastructure Controller (APIC) is an automated infrastructure deployment and governance solution from Cisco. Cisco Application Policy Infrastructure Controller's API endpoint contains an arbitrary file read/write vulnerability, which can be exploited by an attacker to read...
Design/Logic Flaw
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
Ubuntu Apport Link Following Vulnerability
Apport is a toolkit for collecting and reporting error information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can be...
CVE-2021-27193
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...
Netop Vision Access Control Error Vulnerability
Netop Vision is an application from the Danish company Netop. It provides a classroom management software. An Access Control Error vulnerability in Netop Vision Pro 9.7.1 and prior versions can be exploited by an unauthenticated, remote attacker to read or write files on a remote computer,...