Lucene search
+L

835 matches found

Fedora
Fedora
added 2021/02/12 1:44 a.m.72 views

[SECURITY] Fedora 33 Update: subversion-1.14.1-1.fc33

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

7.5CVSS7.3AI score0.40075EPSS
Exploits1
NVD
NVD
added 2020/12/03 4:15 p.m.30 views

CVE-2020-2324

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.5CVSS7.5AI score0.01342EPSS
Exploits0References2
Prion
Prion
added 2020/12/03 4:15 p.m.15 views

Xxe

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

5CVSS7.5AI score0.01342EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/03 3:55 p.m.27 views

CVE-2020-2324

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.5AI score0.01342EPSS
Exploits0References2
CVE
CVE
added 2020/12/03 3:55 p.m.73 views

CVE-2020-2324

The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...

7.5CVSS7.5AI score0.01342EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/12/03 12:0 a.m.7 views

PT-2020-15558 · Jenkins · Jenkins Cas Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.16 and earlier Description: The issue allows attackers who can control an agent process to have Jenkins parse a crafted changelog file, using external entities for extraction of secrets from the Jenkins controlle...

7.5CVSS7.4AI score0.01342EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/25 9:1 a.m.17 views

Security Bulletin: IBM Cloud Pak for Security (CP4S) is potentially vulnerable to CVS injection (CVE-2020-4627)

Summary IBM Cloud Pak for Security CP4S potentially vulnerable to CVS Injection due to improper data sanitization. The issue has been addressed. Vulnerability Details CVEID: CVE-2020-4627 DESCRIPTION: IBM Cloud Pak for Security CP4S potentially vulnerable to CVS Injection. A remote attacker could...

9CVSS1.9AI score0.01591EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/11/09 9:15 p.m.27 views

CVE-2020-4759

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...

9.3CVSS7.4AI score0.01984EPSS
Exploits0References2
Prion
Prion
added 2020/11/09 9:15 p.m.21 views

Input validation

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...

9.3CVSS7.7AI score0.01984EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/09 8:25 p.m.56 views

CVE-2020-4759

CVE-2020-4759 affects IBM FileNet Content Manager 5.5.4 and 5.5.5 via CSV Injection in the ACCE component. Root cause: improper validation of CSV file contents leading to potential remote code execution. Impact: attacker could execute arbitrary commands on vulnerable systems; CVSS base score 7.0–...

9.3CVSS7.8AI score0.01984EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/09 8:25 p.m.29 views

CVE-2020-4759

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...

7CVSS7.8AI score0.01984EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/04 12:0 a.m.14 views

Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.05968EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.35 views

EulerOS 2.0 SP2 : cvs (EulerOS-SA-2020-2338)

According to the version of the cvs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a...

7.5CVSS7.2AI score0.05968EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2280)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.05968EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/10/30 12:0 a.m.30 views

EulerOS 2.0 SP5 : cvs (EulerOS-SA-2020-2280)

According to the version of the cvs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a...

7.5CVSS7.2AI score0.05968EPSS
Exploits1References2
NVD
NVD
added 2020/10/12 2:15 p.m.20 views

CVE-2020-4689

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...

8.5CVSS0.02352EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/10/12 1:20 p.m.21 views

CVE-2020-4689

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...

6.8CVSS6.9AI score0.02352EPSS
Exploits0References2
CVE
CVE
added 2020/10/12 1:20 p.m.53 views

CVE-2020-4689

CVE-2020-4689 affects IBM Security Guardium 11.2 and is a CVS Injection flaw caused by improper validation of CSV file contents. Remote privileged attackers could execute arbitrary commands on the system. CVSS v3.1 base score 6.8 (MEDIUM) with high impact on confidentiality, integrity, and availa...

8.5CVSS6.8AI score0.02352EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2020/09/29 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2128)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.05968EPSS
Exploits1References2
Veracode
Veracode
added 2020/08/06 9:38 p.m.37 views

Arbitrary Code Execution

CVSis vulnerable to arbitrary code execution. When configured to use SSH for remote repositories, a remote attacker is able to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by -oProxyCommand=id;localhost:/bar...

7.5CVSS4.2AI score0.05968EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder