Lucene search
+L

329 matches found

OSV
OSV
added 2022/01/06 6:45 p.m.27 views

GHSA-P479-RWHP-RWJX Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.3 escapes parameter names shown in jo...

5.4CVSS5.2AI score0.75742EPSS
Exploits0References5
OSV
OSV
added 2021/12/20 6:21 p.m.24 views

GHSA-GP4J-W3VJ-7299 Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4CVSS6.7AI score0.00377EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2021/12/20 6:21 p.m.40 views

Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4CVSS3.3AI score0.00377EPSS
Exploits0References20Affected Software1
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.5 views

Ascensio System ONLYOFFICE Document Server 安全漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in versions 6.1.x through 6.3.0.71 of the Translate plug-in for...

9.8CVSS8.3AI score0.02317EPSS
Exploits0References3
NVD
NVD
added 2021/08/17 4:15 p.m.23 views

CVE-2021-32829

ZStack is open source IaaSinfrastructure as a service software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution RCE via bypass of the Groovy shell...

9.9CVSS0.02902EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2016:1785-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.06336EPSS
Exploits3References39
CNNVD
CNNVD
added 2021/01/29 12:0 a.m.7 views

Foris Security Vulnerabilities

Turris Foris is a netconf and nuci based device routing application from the Czech organization Turris that can be managed via a web interface. A security vulnerability exists in Foris before 101.1.1 due to the lack of certain HTML escapes in the login template...

9.8CVSS7.3AI score0.01594EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2020/11/03 12:31 p.m.20 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

1.8AI score
Exploits0
NVD
NVD
added 2020/09/05 4:15 a.m.17 views

CVE-2020-15709

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...

5.5CVSS5.3AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2020/09/05 4:15 a.m.1 views

DEBIAN-CVE-2020-15709

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...

5.5CVSS5.6AI score0.00313EPSS
Exploits0References1
Prion
Prion
added 2020/09/05 4:15 a.m.18 views

Code injection

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...

2.1CVSS5.3AI score0.00313EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/05 3:30 a.m.282 views

CVE-2020-15709

CVE-2020-15709 affects add-apt-repository prior to versions 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1. The issue arises because the PPA description is printed to the terminal as-is, allowing PPA owners to inject ANSI terminal escapes that can modify terminal contents in uni...

5.5CVSS5.2AI score0.00313EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/08/03 2:41 p.m.25 views

CVE-2020-15709

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...

5.5CVSS6.1AI score0.00313EPSS
Exploits0References4
OSV
OSV
added 2020/03/19 6:15 p.m.2 views

UBUNTU-CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

4.8CVSS6.6AI score0.01543EPSS
Exploits1References7
Cvelist
Cvelist
added 2019/11/20 3:41 p.m.23 views

CVE-2010-4660

Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes...

9.7AI score0.01315EPSS
Exploits0References2
CVE
CVE
added 2019/11/20 3:41 p.m.51 views

CVE-2010-4660

CVE-2010-4660 relates to the open‑source micro‑blogging app StatusNet . It describes an SQL injection vulnerability caused by the way addslashes is used in SQL string escapes, affecting StatusNet up through 2010 and prior versions. The connected records confirm a PHP-based issue with database inp...

9.8CVSS9.5AI score0.01315EPSS
Exploits0References2Affected Software1
Qualys Blog
Qualys Blog
added 2019/11/12 7:28 p.m.494 views

November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe

This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft...

9CVSS1.6AI score0.72626EPSS
Exploits3
The Hacker News
The Hacker News
added 2019/08/30 7:33 a.m.2 views

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...

9.3CVSS8.5AI score0.15705EPSS
Exploits2
CNVD
CNVD
added 2019/06/24 12:0 a.m.6 views

RDK CcspWifiAgent Module Command Execution Vulnerability

RDK is a modular, portable, customizable open source IoT software solution from the RDK Management community. ccspWifiAgent is one of the modules that supports WiFi functionality. A security vulnerability exists in the cosawifiapis.c file of the CcspWifiAgent module in RDK version RDKB-20181217-1...

8.5CVSS7.7AI score0.01591EPSS
Exploits0References1
OSV
OSV
added 2019/06/06 1:44 p.m.2 views

USN-4011-2 jinja2 vulnerabilities

USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbo...

8.6CVSS6.9AI score0.03603EPSS
Exploits1References3
Rows per page
Query Builder