361 matches found
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Apache Ant vulnerability (USN-4874-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4874-1 advisory. It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read...
CVE-2023-30732
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...
CVE-2023-30732
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...
CVE-2023-30732
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...
PT-2023-22935 · Unknown · System Property
Name of the Vulnerable Software and Affected Versions: System property versions prior to SMR Oct-2023 Release 1 Description: The issue is related to improper access control in system property, allowing a local attacker to obtain the CPU serial number. Recommendations: For versions prior to SMR...
Exploit for CVE-2022-33980
riskootext4shell text4shell script for text coomons =1.10...
CVE-2023-33294
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...
GHSA-V3FV-V9M6-26G3 Jenkins HashiCorp Vault Plugin has improper masking of credentials
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...
CVE-2023-25194
CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...
Important: hsqldb
Issue Overview: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code executio...
[SECURITY] [DSA 5313-1] hsqldb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5313-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...
GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
Jenkins Compuware Xpediter Code Coverage Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Compuware Topaz Utilities Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
Design/Logic Flaw
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
CVE-2022-41853 Remote code execution in HyperSQL DataBase
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
CVE-2022-41853 Remote code execution in HyperSQL DataBase
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...