Lucene search
K

835 matches found

Cvelist
Cvelist
added 2022/04/12 7:50 p.m.29 views

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.8AI score0.00662EPSS
Exploits0References1
CVE
CVE
added 2022/04/12 7:50 p.m.100 views

CVE-2022-29037

CVE-2022-29037 affects Jenkins CVS Plugin, versions 2.19 and earlier. Root cause: the plugin does not escape the name/description of CVS Symbolic Name parameters on parameter-views, causing stored XSS. Exploitation requires Item/Configure permission; no exploitation details or patches are provide...

5.4CVSS5.4AI score0.00662EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2022/01/28 9:28 p.m.84 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9CVSS6.7AI score0.03803EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 11:43 p.m.88 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Archive Enterprise Edition EE. The below fix package includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software2
OSV
OSV
added 2021/12/15 8:15 p.m.18 views

CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...

8.8CVSS7.5AI score
Exploits0References4
NVD
NVD
added 2021/12/15 8:15 p.m.17 views

CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...

8.8CVSS0.01544EPSS
Exploits0References4
Prion
Prion
added 2021/12/15 8:15 p.m.15 views

Sql injection

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...

6.5CVSS8.7AI score0.01544EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/12/15 7:45 p.m.19 views

CVE-2021-43806 SQL injection in Tuleap

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...

8.8CVSS8.9AI score0.01544EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/12/10 9:15 p.m.32 views

CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3CVSS6.7AI score0.01746EPSS
Exploits0References7
OSV
OSV
added 2021/10/18 10:15 p.m.11 views

CVE-2021-41155

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...

8.8CVSS7.4AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/10/18 10:15 p.m.3 views

CVE-2021-41155

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...

8.8CVSS7.3AI score0.01478EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2021/10/18 9:10 p.m.49 views

CVE-2021-41155

CVE-2021-41155 affects Tuleap: SQL injection in the CVS revisions browser due to improper input sanitization. Affected fixes are Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, and Tuleap Enterprise Edition 11.16-7. The vulnerability arises when constructing SQL queries ...

8.8CVSS8.9AI score0.01478EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/10/18 9:10 p.m.24 views

CVE-2021-41155 SQL injection in CVS revisions browser

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...

8.8CVSS9.1AI score0.01478EPSS
Exploits0References4
Rosalinux
Rosalinux
added 2021/07/02 4:37 p.m.19 views

Advisory ROSA-SA-2021-1819

Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS 2.16 and earlier plug-in does not configure its XML syntactic parser to prevent attacks on XML external objects XXE. CVE-STATUS: default CVE-REV: default...

7.5CVSS7.1AI score0.01342EPSS
Exploits0
ThreatPost
ThreatPost
added 2021/06/17 4:47 p.m.195 views

CVS Health Records for 1.1 Billion Customers Exposed

More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones’s medical situation. The glitch i...

7AI score
Exploits0References8
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2012:0311-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.6AI score0.08396EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2017:2422-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05968EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2017:2419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05968EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.19 views

EulerOS Virtualization 3.0.6.6 : cvs (EulerOS-SA-2021-1467)

According to the version of the cvs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository...

7.5CVSS7.1AI score0.05968EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2021-1467)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.05968EPSS
Exploits1References2
Rows per page
Query Builder