Lucene search
K

138 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:15 a.m.36 views

Jenkins Groovy Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8CVSS7.7AI score0.86224EPSS
Exploits9References11Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/13 1:15 a.m.32 views

Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8CVSS7.9AI score0.81552EPSS
Exploits9References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/04/25 12:0 a.m.32 views

Nutanix Data Collection

Collects Nutanix data using REST APIs. TRUSTED...

5.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/04/21 12:0 a.m.15 views

OpenAPI Missing MIME Types

OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. The consumes field defines the expected data types for POST, PU...

7.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/16 12:0 a.m.16 views

OpenAPI Unencrypted Traffic Allowed

OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. As for web applications, allowing unencrypted protocols to acce...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/07 11:30 a.m.33 views

Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments

Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification OAS defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring acce...

7.7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/30 12:0 a.m.21 views

Fedora: Security Advisory for libzapojit (FEDORA-2021-77ce69dba6)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.1AI score0.00831EPSS
Exploits0References2
Fedora
Fedora
added 2021/10/29 11:26 p.m.25 views

[SECURITY] Fedora 35 Update: libzapojit-0.0.3-21.fc35

GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...

5.9CVSS1.1AI score0.00831EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/10/24 12:0 a.m.16 views

Fedora: Security Advisory for libzapojit (FEDORA-2021-7f5a82ef57)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.1AI score0.00831EPSS
Exploits0References2
Fedora
Fedora
added 2021/10/23 3:25 a.m.40 views

[SECURITY] Fedora 33 Update: libzapojit-0.0.3-19.fc33

GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...

5.9CVSS1.1AI score0.00831EPSS
Exploits0
Fedora
Fedora
added 2021/10/23 3:22 a.m.33 views

[SECURITY] Fedora 34 Update: libzapojit-0.0.3-20.fc34

GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and phot...

5.9CVSS1.1AI score0.00831EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/10/02 12:0 a.m.18 views

Fedora: Security Advisory for python-flask-restx (FEDORA-2021-0739f45529)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.01804EPSS
Exploits0References2
Fedora
Fedora
added 2021/09/30 1:15 a.m.34 views

[SECURITY] Fedora 34 Update: python-flask-restx-0.3.0-2.fc34

Flask-RESTX is an extension for Flask that adds support for quickly building REST APIs. It encourages best practices with minimal setup. If you are familiar with Flask, Flask-RESTX should be easy to pick up. It provides a coherent collection of decorators and tools to describe your API and expose...

7.5CVSS7.6AI score0.01804EPSS
Exploits0
Kitploit
Kitploit
added 2020/10/31 8:30 p.m.56 views

APICheck - The DevSecOps Toolset For REST APIs

APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck APICheck focuses not only in the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to diverse users profiles: Developers...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2020/07/16 9:50 p.m.163 views

Saferwall - A Hackable Malware Sandbox For The 21St Century

Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...

7.3AI score
Exploits0References6
Veracode
Veracode
added 2020/07/15 5:30 a.m.22 views

SQL Injection

kylin-server-base is vulnerable to SQL injection. SQL statements are concatenated and executed in the CLI or beeline when building new segments, allowing an attacker to inject and execute arbitrary SQL statements if system configurations are overwritten via rest APIs...

9.8CVSS5.5AI score0.0195EPSS
Exploits0References4Affected Software1
Wallarm Lab
Wallarm Lab
added 2020/05/18 9:18 p.m.82 views

Securing GraphQL API

Introduction to GraphQL Representational state transfer REST APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...

0.5AI score
Exploits0
NVD
NVD
added 2020/05/05 8:15 p.m.23 views

CVE-2020-12142

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

4.9CVSS5AI score0.00722EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/05 7:54 p.m.39 views

CVE-2020-12142 IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

4.8CVSS5.1AI score0.00722EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/02/04 12:0 a.m.60 views

Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.8CVSS5.5AI score0.07044EPSS
Exploits0References1
Rows per page
Query Builder