
76 matches found

EUVD
added 2024/08/16 2:51 p.m., 5 views

EUVD-2024-40458

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page...

CVSS 5.4, AI score 5.5, EPSS 0.00324
Exploits: 0, References: 1

Cvelist
added 2024/08/16 2:51 p.m., 19 views

CVE-2024-43807

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page...

CVSS 4.6, EPSS 0.00324
Exploits: 0, References: 1

CVE
added 2024/08/16 2:51 p.m., 56 views

CVE-2024-43807

JetBrains TeamCity before 2024.07.1 is affected by multiple stored XSS on the Clouds page (CVE-2024-43807). The issue is discussed across sources (Red Hat CVE entry and Nessus plugin) with remediation implied as updating to 2024.07.1 or newer. There are no explicit exploitation details in the pro...

CVSS 5.4, AI score 6, EPSS 0.00324
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/08/16 12:0 a.m., 6 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

CVSS 5.4, AI score 6.3, EPSS 0.00324
Exploits: 0, References: 2

OSV
added 2024/03/06 11:5 a.m., 22 views

BIT-SOLR-2023-50290 Apache Solr: Host environment variables are published via the Metrics API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

CVSS 6.5, AI score 6.6, EPSS 0.68665
Exploits: 0, References: 2

Microsoft KB
added 2024/02/29 12:0 a.m., 6 views

February 29, 2024—KB5034843 (OS Build 19045.4123) Preview

February 29, 2024—KB5034843 OS Build 19045.4123 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page. Note Follow...

AI score 6.8
Exploits: 0

OSV
added 2024/02/09 6:31 p.m., 1 view

GHSA-XRJ7-X7GP-WWQR Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...

CVSS 8.2, AI score 7, EPSS 0.01564
Exploits: 0, References: 8

Github Security Blog
added 2024/02/09 6:31 p.m., 23 views

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...

CVSS 7.5, AI score 6.9, EPSS 0.01564
Exploits: 0, References: 8, Affected Software: 2

Cvelist
added 2024/02/09 5:29 p.m., 43 views

CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

AI score 7.7, EPSS 0.03306
Exploits: 0, References: 2

CNVD
added 2024/02/05 12:0 a.m., 13 views

IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2024-07607)

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...

CVSS 7.5, AI score 6.3, EPSS 0.00674
Exploits: 0, References: 1

Cvelist
added 2024/01/15 9:32 a.m., 36 views

CVE-2023-50290 Apache Solr: Host environment variables are published via the Metrics API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

AI score 6.6, EPSS 0.68665
Exploits: 0, References: 1

RedHat Linux
added 2023/10/25 3:52 p.m., 71 views

Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.3 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.3 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

CVSS 7.5, AI score 8.5, EPSS 0.99999
Exploits: 19, References: 44

BDU FSTEC
added 2023/09/22 12:0 a.m., 6 views

The vulnerability of Acronis Cloud Manager, a platform for managing hybrid clouds, stems from insufficient validation of input data. This allows attackers to gain access to confidential information.

The vulnerability of Acronis Cloud Manager, a platform for managing hybrid clouds, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to access confidential information...

CVSS 7.8, AI score 6.5, EPSS 0.00362
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/07/12 6:30 p.m., 16 views

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

CVSS 4.8, AI score 3.9, EPSS 0.00424
Exploits: 0, References: 3

Github Security Blog
added 2023/07/12 6:30 p.m., 28 views

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

CVSS 3.7, AI score 6.4, EPSS 0.00424
Exploits: 0, References: 4, Affected Software: 1

RedHat Linux
added 2023/05/30 4:47 p.m., 43 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates

Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

CVSS 10, AI score 7, EPSS 0.05642
Exploits: 1, References: 3

RedHat Linux
added 2023/04/19 11:49 p.m., 42 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 10, AI score 7, EPSS 0.72087
Exploits: 8, References: 5

OpenVAS
added 2022/09/13 12:0 a.m., 12 views

Fedora: Security Advisory for cloudcompare (FEDORA-2022-9cbdf39a5a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8, AI score 8.7, EPSS 0.02793
Exploits: 1, References: 2

Fedora
added 2022/09/12 5:58 p.m., 38 views

[SECURITY] Fedora 37 Update: cloudcompare-2.11.3-4.fc37

CloudCompare is a 3D point cloud and triangular mesh processing software. It has been originally designed to perform comparison between two 3D points clouds such as the ones obtained with a laser scanner or between a point cloud and a triangular mesh. It relies on a specific octree structure that...

CVSS 8.8, AI score 1.2, EPSS 0.02793
Exploits: 1

Fedora
added 2022/09/10 7:54 p.m., 35 views

[SECURITY] Fedora 35 Update: cloudcompare-2.9.1-16.fc35

CloudCompare is a 3D point cloud and triangular mesh processing software. It has been originally designed to perform comparison between two 3D points clouds such as the ones obtained with a laser scanner or between a point cloud and a triangular mesh. It relies on a specific octree structure that...

CVSS 8.8, AI score 1.2, EPSS 0.02793
Exploits: 1