Lucene search
K

35 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-26583

Malware in sbrugna...

7.6CVSS6.9AI score0.00907EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13429

Malware in sbrugna...

7.5CVSS6.2AI score0.00642EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0811

Malicious code in bioql PyPI...

7.5CVSS7AI score0.01091EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0931

Malicious code in bioql PyPI...

7.6CVSS6.4AI score0.01145EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:51 a.m.36 views

BIT-CONCOURSE-2020-5409 Concourse Open Redirect in the /sky/login endpoint

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

7.6CVSS5.8AI score0.00907EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.25 views

Pivotal Concourse SQL Injection Vulnerability

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

7.5CVSS8.1AI score0.01091EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.19 views

Pivotal Concourse Open Redirect in Login Flow

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

7.6CVSS5.8AI score0.01145EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/15 1:57 a.m.12 views

GHSA-4FQX-74RV-638W Pivotal Concourse SQL Injection Vulnerability

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

7.5CVSS7.7AI score0.01091EPSS
Exploits0References4
OSV
OSV
added 2022/02/15 1:57 a.m.25 views

GHSA-9689-RX4V-CQGC Pivotal Concourse Open Redirect in Login Flow

Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

5.4CVSS5.8AI score0.01145EPSS
Exploits0References4
NVD
NVD
added 2020/05/14 12:15 a.m.22 views

CVE-2020-5409

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

7.6CVSS6.2AI score0.00907EPSS
Exploits0References1
OSV
OSV
added 2020/05/14 12:15 a.m.17 views

CVE-2020-5409

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

6.1CVSS6.8AI score0.00907EPSS
Exploits0References1
Prion
Prion
added 2020/05/14 12:15 a.m.13 views

Code injection

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

5.8CVSS5.6AI score0.01145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/13 11:15 p.m.22 views

CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse...

7.6CVSS6.6AI score0.00907EPSS
Exploits0References1
CVE
CVE
added 2020/05/13 11:15 p.m.103 views

CVE-2020-5409

Pivotal Concourse suffers an open redirect in the login flow (OAuth redirect) that can be exploited to trick a user into visiting an untrusted site and potentially obtain that user’s access token. Affected: most Concourse versions before 6.0.0. Root cause: login flow redirects to untrusted websit...

7.6CVSS5.8AI score0.00907EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/01 9:30 p.m.21 views

CVE-2019-3792

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

7.5CVSS7.1AI score0.01091EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 9:30 p.m.19 views

CVE-2019-3792

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

7.5CVSS8.1AI score0.01091EPSS
Exploits0References1
Prion
Prion
added 2019/04/01 9:30 p.m.13 views

Sql injection

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

5CVSS7.7AI score0.01091EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/04/01 8:54 p.m.49 views

CVE-2019-3792

Concourse 5.0.0 is affected by an SQL injection in its API where a version identifier can carry payloads to the server, enabling reading of privileged data. Public sources (NVD entry for CVE-2019-3792 and multiple advisories) confirm the vulnerability lies in the API handling the version paramete...

7.5CVSS7.2AI score0.01091EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/01 8:54 p.m.22 views

CVE-2019-3792 Concourse 5.0.0 SQL Injection vulnerability

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

6.8CVSS7.7AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/14 12:0 a.m.3 views

Pivotal Concourse Token Disclosure Vulnerability

Pivotal Concourse is a software delivery control system for continuous development from Pivotal Software. A security vulnerability exists in Pivotal Concourse versions prior to 4.2.2, which originates when the program places a user's access token in a URL. A remote attacker can exploit this...

7.5CVSS6.9AI score0.00642EPSS
Exploits0References1
Rows per page
Query Builder