Lucene search
K

7486 matches found

OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.25 views

Debian: Security Advisory (DSA-1970-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.6AI score0.08941EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.5 views

Debian: Security Advisory (DLA-196-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Veracode
Veracode
added 2023/03/07 12:49 a.m.26 views

Arbitrary Code Execution

jenkins-2-plugins is vulnerable to Arbitrary Code Execution. An attacker can inject and execute arbitrary code within the Jenkins JVM controller through the maliciously crafted untrusted libraries or pipelines...

9.9CVSS9.4AI score0.01095EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.9 views

PT-2023-13256 · Qualcomm · Qualcomm Ipc

Name of the Vulnerable Software and Affected Versions: Qualcomm IPC affected versions not specified Description: The issue is related to memory corruption due to improper authentication in Qualcomm IPC while loading unsigned libraries in the audio processing domain. Recommendations: At the moment...

7.8CVSS7.3AI score0.00141EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.7 views

jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.0116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.9 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.01211EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.8 views

jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS6.1AI score0.01161EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.6 views

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

5.3CVSS5.8AI score0.01116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.8 views

jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS6.1AI score0.01095EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.11 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.01428EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.12 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.01095EPSS
Exploits0References5
Fedora
Fedora
added 2023/03/06 2:18 a.m.15 views

[SECURITY] Fedora 37 Update: stb-0^20230129git5736b15-0.2.fc37

Single-file public domain libraries for C/C++...

1.8AI score
Exploits0
Fedora
Fedora
added 2023/03/06 12:55 a.m.17 views

[SECURITY] Fedora 36 Update: stb-0^20230129git5736b15-0.2.fc36

Single-file public domain libraries for C/C++...

1.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.5 views

The vulnerability of Zyxel 5G NR/4G LTE CPE router servers’ libraries allows a hacker to execute arbitrary commands and cause service interruptions.

The vulnerability of the Zyxel 5G NR/4G LTE CPE router server libraries is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and cause service failures...

9CVSS8.8AI score0.00611EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.53 views

Jenkins plugins Multiple Vulnerabilities (2022-10-19)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...

9.9CVSS6.9AI score0.01211EPSS
Exploits0References34
Cvelist
Cvelist
added 2023/03/01 10:5 a.m.13 views

CVE-2021-4327 SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow

A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initializetypedarrayfromarraybuffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the publ...

5.5CVSS9.7AI score0.00934EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.7 views

The vulnerability of the server-side application library for creating reports from TIBCO JasperReports Library, JasperReports Library for ActiveMatrix BPM, JasperReports Server, JasperReports Server for AWS Marketplace, and JasperReports Server for ActiveMatrix BPM arises from an incorrect limitation on the path to the restricted directory. This allows attackers to disclose sensitive information that should be protected.

The vulnerability of the server-side application libraries for creating reports, such as the TIBCO JasperReports Library, JasperReports Library for ActiveMatrix BPM, JasperReports Server, JasperReports Server for AWS Marketplace, and JasperReports Server for ActiveMatrix BPM, is related to an...

6.8CVSS7.4AI score0.79064EPSS
Exploits4References10Affected Software6
OpenVAS
OpenVAS
added 2023/02/26 12:0 a.m.8 views

Fedora: Security Advisory for plasma-workspace (FEDORA-2023-e31c3e4b6c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
GithubExploit
GithubExploit
added 2023/02/25 7:12 p.m.2323 views

Exploit for Code Injection in Underscorejs Underscore

Detection-script-for-cve-2021-23358 Detection script for cve-2...

7.2CVSS6.3AI score0.04087EPSS
Exploits2
Fedora
Fedora
added 2023/02/25 3:48 a.m.12 views

[SECURITY] Fedora 37 Update: plasma-workspace-5.27.1-1.fc37

Plasma 5 libraries and runtime components...

2.5AI score
Exploits0
Rows per page
Query Builder