Lucene search
K

670 matches found

AlpineLinux
AlpineLinux
added 2023/03/23 11:26 a.m.26 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

5.4CVSS5.6AI score0.0056EPSS
Exploits0References1
Prion
Prion
added 2023/03/15 10:15 p.m.18 views

Design/Logic Flaw

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...

5CVSS7.3AI score0.0099EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/15 10:11 p.m.31 views

CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...

5.9CVSS7.6AI score0.00905EPSS
Exploits0References3
Wiz blog
Wiz blog
added 2023/03/09 1:55 p.m.6 views

Wiz enhances its industry leading data security solution with broader cloud data coverage and customizable platform capabilities

Wiz for DSPM, now generally available, helps customers reduce the time it takes to discover and fix cloud data exposure before it becomes a costly breach...

6.9AI score
Exploits0
OSV
OSV
added 2023/03/03 1:0 p.m.14 views

OSV-2023-137 Heap-buffer-overflow in OT::Layout::Common::Coverage::get_population

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::Common::Coverage::getpopulation OT::Layout::GPOSimpl::SinglePosFormat1::sanitize hbsanitizecontextt::returnt OT::Layout::GPOSimpl::PosLookupSubTable::dispa...

7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/02/22 7:15 p.m.76 views

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS9.7AI score0.85247EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2023/02/20 5:15 p.m.3 views

UBUNTU-CVE-2022-48320

Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...

5.4CVSS5.8AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:30 p.m.41 views

GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.3 views

Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitHub Pul...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.21 views

CVE-2023-24442

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.8AI score0.00229EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.5 views

_buyoutLien() does not properly validate the liquidationInitialAsk

Lines of code Vulnerability details Impact Illegal liquidationInitialAsk, resulting in insufficient bids to cover the debt Proof of Concept buyoutLien will validate against liquidationInitialAsk, but incorrectly uses the old stack for validation function buyoutLien LienStorage storage s,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.12 views

createLien() The first LienToken does not check for liquidationInitialAsk and maxPotentialDebt

Lines of code Vulnerability details Impact Illegal liquidationInitialAsk and maxPotentialDebt may result in bids amount do not cover the debt Proof of Concept With the current implementation, the first LienToken does not check liquidationInitialAsk and maxPotentialDebt function appendStack...

6.9AI score
Exploits0
Akamai Blog
Akamai Blog
added 2023/01/13 2:0 p.m.20 views

Improving Popularity Rankings for Better Threat Intelligence, Part 1

AkaRank can overcome biases in current domain popularity lists and help ensure the best threat coverage and user experience...

1.7AI score
Exploits0
Kitploit
Kitploit
added 2022/12/19 11:30 a.m.162 views

Shennina - Automating Host Exploitation With AI

Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being...

7.3AI score
Exploits0References3
Microsoft Secure
Microsoft Secure
added 2022/12/07 5:0 p.m.28 views

Mitigate threats with the new threat matrix for Kubernetes

Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-35718 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.264 Description: The issue is related to an unreliable stack dump with gcov in the x86/unwind/orc component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2022/11/10 12:13 p.m.20 views

Is Cybersecurity Awareness Month Anything More Than PR?

Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: 1. The public, by taking action to stay safe online. 2. Professionals, by joining the cyb...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/10 7:30 a.m.33 views

Re-Focusing Cyber Insurance with Security Validation

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump...

7.2AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/11/08 8:0 a.m.82 views

November 8, 2022—KB5020005 (Security-only update)

November 8, 2022—KB5020005 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDER Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and are now in extended support...

8.8CVSS8.9AI score0.08053EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/26 1:57 a.m.52 views

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for these vulnerabilities as soon as possible. The Qualys Research Team combined these two vulnerabiliti...

0.2AI score0.00658EPSS
Exploits5
Rows per page
Query Builder