35 matches found

Positive Technologies
added 2026/01/21 12:0 a.m. · 7 views

PT-2026-3769

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 8.6 through 9.10.0 Description: The 'create core' API in Apache Solr does not properly validate input for certain API parameters. This can lead Solr to check for and attempt to read file system paths that should be restrict...

CVSS 7.1 · AI score 5.2 · EPSS 0.00654
Exploits 1 · References 16
Cvelist
added 2025/01/22 5:2 p.m. · 27 views

CVE-2025-24401

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage to access functionality they're no longer entitle...

EPSS 0.00302
Exploits 0 · References 1
OpenVAS
added 2024/12/17 12:0 a.m. · 22 views

Ubuntu: Security Advisory (USN-7161-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9 · AI score 8.6 · EPSS 0.16496
Exploits 0 · References 2
Broadcom
added 2024/12/12 12:0 a.m. · 10 views

Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine (CVE-2024-41110)

Brocade Security Team has become aware that certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Detail Docker’s default authorization...

CVSS 9.9 · AI score 7.2 · EPSS 0.16496
Exploits 0
AstraLinux
added 2024/11/23 3:4 a.m. · 2 views

Astra Linux – Vulnerability in docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...

CVSS 9.9 · AI score 6.8 · EPSS 0.16496
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/10/16 12:32 p.m. · 4 views

Malicious code in atlassian-oauth2-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
Tenable Nessus
added 2024/09/09 12:0 a.m. · 65 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...

CVSS 9.9 · AI score 7.4 · EPSS 0.16496
Exploits 1 · References 10
Amazon
added 2024/09/04 12:0 a.m. · 5 views

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

CVSS 9.9 · AI score 6.8 · EPSS 0.16496
Exploits 1
Tenable Nessus
added 2024/07/31 12:0 a.m. · 78 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

CVSS 9.9 · AI score 7.6 · EPSS 0.16496
Exploits 0 · References 12
OSV
added 2024/07/24 5:15 p.m. · 6 views

AZL-47017 CVE-2024-41110 affecting package moby-engine for versions less than 25.0.3-5

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

CVSS 9.9 · AI score 6.5 · EPSS 0.16496
Exploits 0 · References 1
CNNVD
added 2024/07/24 12:0 a.m. · 2 views

Docker Engine Security Vulnerability

Docker Engine is a set of lightweight runtime environment and package management tools from Docker Inc. in the United States. A security vulnerability exists in Docker Engine that stems from a vulnerability that allows an attacker to bypass the authorization plugin under certain circumstances,...

CVSS 9.9 · AI score 7.1 · EPSS 0.16496
Exploits 0 · References 14
Positive Technologies
added 2023/10/17 12:0 a.m. · 2 views

PT-2023-29205 · Liferay · Plugin For Oauth 2.0 +2

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.41 through 7.4.3.89 Liferay DXP 7.4 update 41 through update 89 Description: Multiple reflected cross-site scripting XSS vulnerabilities exist in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirec...

CVSS 9.6 · AI score 6.2 · EPSS 0.0046
Exploits 0 · References 13
Positive Technologies
added 2020/07/15 12:0 a.m. · 5 views

PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because user names shown in the configuration or permission table are not...

CVSS 8 · AI score 5.3 · EPSS 0.00919
Exploits 0 · References 8
CNVD
added 2017/08/24 12:0 a.m. · 4 views

Atlassian OAuth Server-Side Request Forgery Vulnerability

Atlassian OAuth Plugin is an authorization plugin from Atlassian Australia for accessing personal Atlassian software data. A security vulnerability exists in the IconUriServlet in the Atlassian OAuth Plugin. A remote attacker could exploit the vulnerability to access internal network resources or...

CVSS 6.1 · AI score 5.9 · EPSS 0.71601
Exploits 1 · References 1
FreeBSD
added 2013/05/02 12:0 a.m. · 34 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. SECURITY-63 / CVE-2013-2034 This creates a cross-site request forgery CSRF vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execu...

CVSS 6.8 · AI score 6.7 · EPSS 0.06316
Exploits 4 · References 1