CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7195 matches found

Github Security Blog•added 2023/05/16 6:30 p.m.•20 views

Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

8.8CVSS6.8AI score0.63137EPSS

Exploits0References4Affected Software1

OSV•added 2023/05/16 4:15 p.m.•2 views

CVE-2023-32981

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...

8.8CVSS7.4AI score

Exploits0References1

Vulnrichment•added 2023/05/16 4:0 p.m.•7 views

CVE-2023-32981

8.6AI score0.01016EPSS

Exploits0References1

Cvelist•added 2023/05/16 4:0 p.m.•18 views

CVE-2023-32981

8.8AI score0.01016EPSS

Exploits0References1

CVE•added 2023/05/16 4:0 p.m.•117 views

CVE-2023-32981

The CVE-2023-32981 entry corresponds to an arbitrary file write vulnerability in the Jenkins Pipeline Utility Steps Plugin (versions up to 2.15.2). Connected Red Hat advisories RHSA-2023-3625 and RHSA-2023-3663 explicitly list CVE-2023-32981 as a vulnerability in the Jenkins/jenkins-2-plugins sta...

8.8CVSS8.5AI score0.01016EPSS

Exploits0References1Affected Software1

CNNVD•added 2023/05/16 12:0 a.m.•4 views

Jenkins Plugin Pipeline Utility Steps 缓冲区错误漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

8.8CVSS8.1AI score0.01016EPSS

Exploits0References8

Tenable Nessus•added 2023/05/16 12:0 a.m.•49 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...

8.8CVSS6.2AI score0.72358EPSS

Exploits0References37

Vulnrichment•added 2023/05/15 9:5 p.m.•6 views

CVE-2023-31131 Arbitrary File Write when Extracting Tarballs in greenplum-db

Greenplum Database GPDB is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this...

7.4CVSS9.3AI score0.00746EPSS

Exploits0References2

Cvelist•added 2023/05/15 9:5 p.m.•22 views

CVE-2023-31131 Arbitrary File Write when Extracting Tarballs in greenplum-db

7.4CVSS9.4AI score0.00746EPSS

Exploits0References2

CNNVD•added 2023/05/15 12:0 a.m.•2 views

Greenplum Database 路径遍历漏洞

Greenplum Database is an advanced , full-featured open source data warehouse based on PostgreSql . It is used to analyze massively parallel PostgreSql. A path traversal vulnerability exists in Greenplum Database GPDB versions prior to 6.22.3, which is a path traversal vulnerability that originate...

9.1CVSS8.4AI score0.00746EPSS

Exploits0References4

CNNVD•added 2023/05/12 12:0 a.m.•6 views

PTC Vuforia Studio 代码问题漏洞

PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. A code issue vulnerability exists in PT...

9.9CVSS8.7AI score0.00657EPSS

Exploits0References3

OSV•added 2023/05/11 11:15 a.m.•3 views

CVE-2023-31473

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...

4.9CVSS5.9AI score0.03869EPSS

Exploits1References2

NVD•added 2023/05/11 11:15 a.m.•23 views

CVE-2023-31473

4.9CVSS5.5AI score0.03869EPSS

Exploits1References2

Prion•added 2023/05/11 11:15 a.m.•13 views

Command injection

3.3CVSS5.5AI score0.03869EPSS

Exploits1References2Affected Software32

Vulnrichment•added 2023/05/11 12:0 a.m.•13 views

CVE-2023-31473

5.5AI score0.03869EPSS

Exploits1References2

CVE•added 2023/05/11 12:0 a.m.•53 views

CVE-2023-31473

Summary: CVE-2023-31473 affects GL.iNet devices prior to v3.216. A command-injection flaw with a filter allows an attacker to cause opkg to read an arbitrary file name as root, enabling arbitrary file write anywhere on the filesystem. This is possible through the software installation feature, wi...

4.9CVSS5.5AI score0.03869EPSS

Exploits1References2Affected Software1

OSV•added 2023/05/09 6:15 p.m.•3 views

CVE-2023-31472

7.5CVSS7.2AI score0.19884EPSS

Exploits1References2

Prion•added 2023/05/09 6:15 p.m.•19 views

Command injection

5CVSS7.8AI score0.19884EPSS

Exploits1References2Affected Software32

NVD•added 2023/05/09 4:15 p.m.•19 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.5CVSS7.7AI score0.00804EPSS

Exploits1References2

OSV•added 2023/05/09 4:15 p.m.•1 views

CVE-2023-31476

7.5CVSS5.9AI score0.00804EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by