8022 matches found

NVD
added 2023/03/10 9:15 p.m. · 14 views

CVE-2023-27903

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 4.4 · AI score 6.7 · EPSS 0.00244
Exploits: 0 · References: 1

OSV
added 2023/03/10 9:15 p.m. · 25 views

CVE-2023-27903

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 4.4 · AI score 6.9
Exploits: 0 · References: 1

Prion
added 2023/03/10 9:15 p.m. · 23 views

Design/Logic Flaw

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to...

CVSS 3.2 · AI score 6.5 · EPSS 0.00244
Exploits: 0 · References: 1 · Affected Software: 1

Intel
added 2023/03/10 12:00 a.m. · 52 views

Intel® oneAPI Toolkits Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-25987 Description: Improper handling of Unicode encoding in source...

CVSS 9.8 · AI score 7.7 · EPSS 0.00533
Exploits: 0

RedHat Linux
added 2023/03/09 1:46 p.m. · 77 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.1

Release of OpenShift Serverless 1.27.1 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System CVSS base score. Red Hat OpenShift Serverless Client kn 1.27.1 provides a CLI to interact with Re...

CVSS 5.3 · AI score 6.7 · EPSS 0.05623
Exploits: 0 · References: 6

CVE
added 2023/03/08 5:14 p.m. · 464 views

CVE-2023-27903

CVE-2023-27903 affects Jenkins/Jenkins-2-plugins. The connected documents describe it as "Temporary file parameter created with insecure permissions", enabling a local attacker with access to the controller’s filesystem to read/write the temporary file before it is used. Red Hat advisories (RHSA-...

CVSS 4.4 · AI score 4.7 · EPSS 0.00244
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/03/08 12:00 a.m. · 2 views

PT-2023-21409 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier Description: The issue arises when uploading a file parameter through the CLI, as Jenkins creates a temporary file in the default temporary directory with default...

CVSS 4.4 · AI score 9.1 · EPSS 0.00244
Exploits: 0 · References: 11

OpenVAS
added 2023/03/08 12:00 a.m. · 33 views

Debian: Security Advisory (DLA-94-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.7 · EPSS 0.28862
Exploits: 3 · References: 2

OSV
added 2023/03/07 5:15 p.m. · 3 views

CVE-2022-41328

An improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands...

CVSS 7.1 · AI score 5.8 · EPSS 0.12316
Exploits: 0 · References: 2

NVD
added 2023/03/07 5:15 p.m. · 35 views

CVE-2022-41328

An improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands...

CVSS 7.1 · AI score 6.7 · EPSS 0.12316
Exploits: 0 · References: 2

NVD
added 2023/03/07 5:15 p.m. · 26 views

CVE-2022-42476

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

CVSS 8.2 · AI score 8.2 · EPSS 0.00217
Exploits: 0 · References: 1

Prion
added 2023/03/07 5:15 p.m. · 30 views

Path traversal

An improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands...

CVSS 3.2 · AI score 6.7 · EPSS 0.12316
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/03/07 5:15 p.m. · 23 views

Path traversal

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

CVSS 4 · AI score 8.1 · EPSS 0.00217
Exploits: 0 · References: 1 · Affected Software: 2

Vulnrichment
added 2023/03/07 4:21 p.m. · 32 views

CVE-2022-42476

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

CVSS 8.2 · AI score 6.9 · EPSS 0.00217
Exploits: 0 · References: 1

CVE
added 2023/03/07 4:21 p.m. · 87 views

CVE-2022-42476

CVE-2022-42476 is a path-traversal vulnerability in Fortinet FortiOS and FortiProxy that can let privileged VDOM administrators escalate to the box’s super admin via crafted CLI requests. Affected: FortiOS/FortiProxy versions 7.2.0–7.2.2, 7.0.0–7.0.8, and prior to 6.4.11. Connected advisories and...

CVSS 8.2 · AI score 8.1 · EPSS 0.00217
Exploits: 0 · References: 1 · Affected Software: 2

ATTACKERKB
added 2023/03/07 12:00 a.m. · 57 views

CVE-2022-41328

An improper limitation of a pathname to a restricted directory vulnerability ‘path traversal’ CWE-22 in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands...

CVSS 7.1 · AI score 6.6 · EPSS 0.12316
In wild · Exploits: 0 · References: 2

Fortinet
added 2023/03/07 12:00 a.m. · 54 views

Protect

A relative path traversal vulnerability CWE-23 in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests...

CVSS 4 · AI score 7.9 · EPSS 0.00217
Exploits: 0 · Affected Software: 2

vulnersOsv
added 2023/03/03 12:00 p.m. · 2 views

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +110 more potentially affected by CVE-2023-27477 via wasmtime (>=0.10.0 <=3.0.1)

wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.0.1, =0.0.1, =0.5.5 and more Source cves: CVE-2023-27477 Source advisory: OSV:RUSTSEC-2023-0093...

CVSS 4.3 · AI score 5.5 · EPSS 0.00624
Exploits: 0

UbuntuCve
added 2023/03/01 7:15 p.m. · 28 views

CVE-2023-1127

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367...

CVSS 7.8 · AI score 7.1 · EPSS 0.00455
Exploits: 1 · References: 2

vulnersOsv
added 2023/03/01 9:30 a.m. · 2 views

@ibm/rse-api-for-zowe-cli (=2.0.0), @zowe/cli (>=6.25.0 <=6.39.0) +1 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=4.10.0 <=4.18.1)

@zowe/imperative NPM version =4.10.0, =6.25.0, =1.18.1, =1.22.0 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...

CVSS 7.8 · AI score 7.1 · EPSS 0.00255
Exploits: 0