941 matches found

OSV, added 2022/11/08 6:22 a.m., 28 views

RLSA-2022:7548 Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 6.5, AI score 7.4, EPSS 0.0198
Exploits 1, References 9
AlmaLinux, added 2022/11/08 12:00 a.m., 49 views

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 7.5, AI score 7.8, EPSS 0.0198
Exploits 1, References 4
OSV, added 2022/11/07 7:00 p.m., 6 views

GHSA-WV7W-RJ2X-556X Apache Ivy vulnerable to path traversal

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

CVSS 7.5, AI score 7.2, EPSS 0.01596
Exploits 0, References 3
OSV, added 2022/11/07 2:15 p.m., 21 views

CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

CVSS 7.5, AI score 8.3
Exploits 0, References 2
OSV, added 2022/10/19 4:15 p.m., 6 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 5.3, AI score 5.8, EPSS 0.00639
Exploits 0, References 2
OSV, added 2022/10/19 4:15 p.m., 3 views

CVE-2022-43433

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 4.3, AI score 5.8
Exploits 0, References 2
NVD, added 2022/10/19 4:15 p.m., 17 views

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 4.3, EPSS 0.00542
Exploits 0, References 2
OSV, added 2022/10/19 4:15 p.m., 4 views

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 4.3, AI score 5.8, EPSS 0.00542
Exploits 0, References 2
Prion, added 2022/10/19 4:15 p.m., 22 views

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 5, AI score 5.2, EPSS 0.00639
Exploits 0, References 2, Affected Software 1
Prion, added 2022/10/19 4:15 p.m., 23 views

Design/Logic Flaw

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVSS 4, AI score 4.6, EPSS 0.00511
Exploits 0, References 2, Affected Software 1
Cvelist, added 2022/10/19 12:00 a.m., 32 views

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

AI score 5.5, EPSS 0.00617
Exploits 0, References 2
Vulnrichment, added 2022/10/19 12:00 a.m., 7 views

CVE-2022-43433

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

AI score 4.6, EPSS 0.00511
Exploits 0, References 2
Positive Technologies, added 2022/10/19 12:00 a.m., 5 views

PT-2022-26918 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.20 and earlier. Description: The issue allows cross-site scripting (XSS) attacks by users with the ability to control files in workspaces, archived artifacts, etc. This is because the...

CVSS 8, AI score 5, EPSS 0.00639
Exploits 0, References 7
Vulnrichment, added 2022/10/19 12:00 a.m., 7 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

AI score 5.2, EPSS 0.00639
Exploits 0, References 2
The Hacker News, added 2022/10/14 1:27 p.m., 28 views

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft...

AI score 1
Exploits 0
CNNVD, added 2022/10/11 12:00 a.m., 3 views

HashiCorp Nomad security vulnerability

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad versions 1.0.2 through 1.2.12, and 1.3.5, which stems...

CVSS 6.5, AI score 6.4, EPSS 0.00716
Exploits 0, References 3
Tenable Nessus, added 2022/10/07 12:00 a.m., 30 views

Jenkins plugins Multiple Vulnerabilities (2022-09-21)

According to their self-reported version numbers, the versions of the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...

CVSS 9.8, AI score 7.2, EPSS 0.01306
Exploits 0, References 33
Rapid7 Blog, added 2022/10/04 3:03 p.m., 20 views

Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before

Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. After several months of development and testing, we are excited to share its powerfu...

Exploits 0
Github Security Blog, added 2022/09/22 12:00 a.m., 27 views

Jenkins Rundeck Plugin Missing Authorization vulnerability

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

CVSS 4.3, AI score 5, EPSS 0.00503
Exploits 0, References 4, Affected Software 1
OSV, added 2022/09/22 12:00 a.m., 23 views

GHSA-4JFQ-4FQC-5J9C Jenkins Rundeck Plugin Missing Authorization vulnerability

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

CVSS 4.3, AI score 4.5, EPSS 0.00503
Exploits 0, References 4