Lucene search
+L

361 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.46 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Apache Ant vulnerability (USN-4874-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4874-1 advisory. It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read...

6.3CVSS7.2AI score0.01808EPSS
Exploits0References2
OSV
OSV
added 2023/10/04 4:15 a.m.5 views

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

3.3CVSS5.8AI score0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/04 3:2 a.m.23 views

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

5.5CVSS6.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/04 3:2 a.m.32 views

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

5.5CVSS5.6AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.7 views

PT-2023-22935 · Unknown · System Property

Name of the Vulnerable Software and Affected Versions: System property versions prior to SMR Oct-2023 Release 1 Description: The issue is related to improper access control in system property, allowing a local attacker to obtain the CPU serial number. Recommendations: For versions prior to SMR...

5.5CVSS3.6AI score0.00157EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2023/07/18 5:55 p.m.270 views

Exploit for CVE-2022-33980

riskootext4shell text4shell script for text coomons =1.10...

9.8CVSS9.8AI score0.42646EPSS
Exploits3
NVD
NVD
added 2023/05/22 4:15 p.m.32 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.8CVSS9.2AI score0.00932EPSS
Exploits1References1
OSV
OSV
added 2023/05/16 6:30 p.m.34 views

GHSA-V3FV-V9M6-26G3 Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

4.3CVSS7.5AI score0.00601EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/02/07 9:30 p.m.60 views

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.6AI score0.95302EPSS
Exploits8References6Affected Software1
CVE
CVE
added 2023/02/07 7:11 p.m.342 views

CVE-2023-25194

CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...

8.8CVSS8.8AI score0.95302EPSS
Exploits8References3Affected Software1
Amazon
Amazon
added 2023/01/24 12:0 a.m.38 views

Important: hsqldb

Issue Overview: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code executio...

9.8CVSS8.5AI score0.03519EPSS
Exploits1
Debian
Debian
added 2023/01/10 11:15 p.m.33 views

[SECURITY] [DSA 5313-1] hsqldb security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5313-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...

9.8CVSS9.3AI score0.03519EPSS
Exploits1
OSV
OSV
added 2022/11/16 12:0 p.m.28 views

GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

7.5CVSS8.6AI score0.01328EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.47 views

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

8.1CVSS8.2AI score0.01328EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

Jenkins Compuware Xpediter Code Coverage Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00647EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.26 views

Jenkins Compuware Topaz Utilities Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00666EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/10/06 6:52 p.m.42 views

HyperSQL DataBase vulnerable to remote code execution when processing untrusted input

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

9.8CVSS9.6AI score0.03519EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2022/10/06 6:17 p.m.44 views

Design/Logic Flaw

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

7.5CVSS9.6AI score0.03519EPSS
Exploits1References4Affected Software2
Vulnrichment
Vulnrichment
added 2022/10/06 5:14 p.m.6 views

CVE-2022-41853 Remote code execution in HyperSQL DataBase

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

8CVSS9.8AI score0.03519EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/10/06 5:14 p.m.47 views

CVE-2022-41853 Remote code execution in HyperSQL DataBase

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

8CVSS10AI score0.03519EPSS
Exploits1References4
Rows per page
Query Builder