35 matches found
PT-2026-3769
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 8.6 through 9.10.0 Description: The 'create core' API in Apache Solr does not properly validate input for certain API parameters. This can lead Solr to check for and attempt to read file system paths that should be restrict...
CVE-2025-24401
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage to access functionality they're no longer entitle...
Ubuntu: Security Advisory (USN-7161-1)
The remote host is missing an update for ...
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine (CVE-2024-41110)
Brocade Security Team has become aware that certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Detail: Docker's default authorization...
Astra Linux – Vulnerability in docker.io-app
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The likelihood of this being exploited...
Malicious code in atlassian-oauth2-plugin (npm)
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)
The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...
AZL-47017 CVE-2024-41110 affecting package moby-engine for versions less than 25.0.3-5
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...
Docker Engine Security Vulnerability
Docker Engine is a set of lightweight runtime environment and package management tools from Docker Inc. in the United States. A security vulnerability exists in Docker Engine that allows an attacker to bypass the authorization plugin under certain circumstances,...
PT-2023-29205 · Liferay · Plugin For Oauth 2.0 +2
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.41 through 7.4.3.89; Liferay DXP 7.4 update 41 through update 89 Description: Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirec...
PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because user names shown in the configuration or permission table are not...
Atlassian OAuth Server-Side Request Forgery Vulnerability
Atlassian OAuth Plugin is an authorization plugin from Atlassian Australia for accessing personal Atlassian software data. A security vulnerability exists in the IconUriServlet in the Atlassian OAuth Plugin. A remote attacker could exploit the vulnerability to access internal network resources or...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. SECURITY-63 / CVE-2013-2034: This creates a cross-site request forgery (CSRF) vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execu...