Lucene search
+L

99 matches found

Vulnrichment
Vulnrichment
added 2023/08/23 6:21 p.m.13 views

CVE-2023-20230

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.4CVSS6.9AI score0.00333EPSS
Exploits0References1
Cisco
Cisco
added 2023/08/23 4:0 p.m.44 views

Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.4CVSS5.4AI score0.00333EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/08/18 12:0 a.m.23 views

Red Hat WildFly < 20.0.0 Multiple Vulnerabilities

Red Hat WildFly is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redhat:wildfly";...

7.5CVSS7.6AI score0.0172EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.9 views

Jenkins Plugin SAML Single Sign On(SSO) 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.1 views

SUSE CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because execid in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a donotifyparent protection mechanism. A child process can send an arbitrary signal to a parent...

5.3CVSS6.9AI score0.00706EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.5 views

SUSE CVE-2021-39686

In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7CVSS8AI score0.00148EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 5:17 a.m.32 views

GHSA-PPG2-WW3W-HQ84 User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS6.3AI score0.0141EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 5:17 a.m.43 views

User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS7AI score0.0141EPSS
Exploits0References10Affected Software1
CNVD
CNVD
added 2022/01/17 12:0 a.m.40 views

Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2022-08036)

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying tha...

4.3CVSS6AI score0.01779EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/06/08 6:52 p.m.55 views

Privilege Context Switching Error in wildlfy

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.5CVSS7.2AI score0.00575EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/06/08 6:52 p.m.42 views

GHSA-P9CF-QJXQ-VXW6 Privilege Context Switching Error in wildlfy

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.4CVSS7AI score0.00575EPSS
Exploits0References2
NVD
NVD
added 2021/06/07 5:15 p.m.18 views

CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.5CVSS0.00575EPSS
Exploits0References1
OSV
OSV
added 2021/06/07 5:15 p.m.26 views

CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.4CVSS5.3AI score
Exploits0References1
Prion
Prion
added 2021/06/07 5:15 p.m.22 views

Design/Logic Flaw

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

5.5CVSS7AI score0.00575EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/07 4:23 p.m.20 views

CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected...

7.1AI score0.00575EPSS
Exploits0References1
CVE
CVE
added 2021/06/07 4:23 p.m.142 views

CVE-2020-1719

CVE-2020-1719 affects WildFly where the EJBContext principle is not popped back after invoking another EJB with a different Security Domain. This can impact data confidentiality and integrity. The vulnerability is stated to affect versions before WildFly 20.0.0.Final. The provided connected docum...

5.5CVSS5.4AI score0.00575EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.8 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.01377EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.6 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.01377EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/13 4:49 p.m.6 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.01377EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.2 views

A signal access-control issue was discovered in the Linux kernel before 5.6.5 aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs and the lack of scenarios where signals to a parent process present a substantial operational threat.

...

5.3CVSS8.2AI score0.00706EPSS
Exploits1
Rows per page
Query Builder