670 matches found
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
Design/Logic Flaw
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...
Wiz enhances its industry leading data security solution with broader cloud data coverage and customizable platform capabilities
Wiz for DSPM, now generally available, helps customers reduce the time it takes to discover and fix cloud data exposure before it becomes a costly breach...
OSV-2023-137 Heap-buffer-overflow in OT::Layout::Common::Coverage::get_population
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::Common::Coverage::getpopulation OT::Layout::GPOSimpl::SinglePosFormat1::sanitize hbsanitizecontextt::returnt OT::Layout::GPOSimpl::PosLookupSubTable::dispa...
GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
UBUNTU-CVE-2022-48320
Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...
GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitHub Pul...
CVE-2023-24442
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
_buyoutLien() does not properly validate the liquidationInitialAsk
Lines of code Vulnerability details Impact Illegal liquidationInitialAsk, resulting in insufficient bids to cover the debt Proof of Concept buyoutLien will validate against liquidationInitialAsk, but incorrectly uses the old stack for validation function buyoutLien LienStorage storage s,...
createLien() The first LienToken does not check for liquidationInitialAsk and maxPotentialDebt
Lines of code Vulnerability details Impact Illegal liquidationInitialAsk and maxPotentialDebt may result in bids amount do not cover the debt Proof of Concept With the current implementation, the first LienToken does not check liquidationInitialAsk and maxPotentialDebt function appendStack...
Improving Popularity Rankings for Better Threat Intelligence, Part 1
AkaRank can overcome biases in current domain popularity lists and help ensure the best threat coverage and user experience...
Shennina - Automating Host Exploitation With AI
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being...
Mitigate threats with the new threat matrix for Kubernetes
Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes...
PT-2022-35718 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.264 Description: The issue is related to an unreliable stack dump with gcov in the x86/unwind/orc component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
Is Cybersecurity Awareness Month Anything More Than PR?
Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: 1. The public, by taking action to stay safe online. 2. Professionals, by joining the cyb...
Re-Focusing Cyber Insurance with Security Validation
The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump...
November 8, 2022—KB5020005 (Security-only update)
November 8, 2022—KB5020005 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDER Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and are now in extended support...
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for these vulnerabilities as soon as possible. The Qualys Research Team combined these two vulnerabiliti...