237 matches found
Cisco TelePresence Collaboration Endpoint Software和RoomOS Software 路径遍历漏洞
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the U.S. company Cisco Cisco.Cisco RoomOS Software is a set of automatic management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisc...
Cisco TelePresence Collaboration Endpoint Software和RoomOS Software 路径遍历漏洞
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the U.S. company Cisco Cisco.Cisco RoomOS Software is a set of automatic management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisc...
GHSA-8VFC-FCR2-47PJ Path traversal in Jenkins REPO Plugin
SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspaces unles...
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
PT-2022-20403 · Jenkins · Jenkins Repo Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins REPO Plugin versions 1.14.0 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...
GHSA-CG6Q-GP23-VWX8 Jenkins Crowd 2 Integration Plugin stored credentials in plain text
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
GitLab < 14.2.6 (CVE-2021-39913)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...
VulnCheck KEV: CVE-2021-26920
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not...
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, allows attackers to execute arbitrary code.
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, allows attackers to execute arbitrary code.
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Upload of file to arbitrary path in Apache Flink
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Armeria path traversal vulnerability
Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol.Armeria is vulnerable to a path traversal vulnerability that stems from a flaw in the software's path validation logic. An attacker could send an HTTP request with a path...
Mozilla Firefox Security Advisory (MFSA2013-43) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
Druid ingestion system Authenticated users can read data from other sources than intended
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-1612
CVE-2021-1612 affects Cisco IOS XE SD-WAN Software CLI. The issue arises from improper access controls on local files, enabling an authenticated, local attacker to place a symbolic link and overwrite arbitrary files on the device. Affected component is the CLI handling in Cisco IOS XE SD-WAN; exp...
CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...