22 matches found
EUVD-2024-44242
Malicious code in bioql PyPI...
EUVD-2022-6278
Malicious code in bioql PyPI...
EUVD-2022-6247
Malicious code in bioql PyPI...
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...
CVE-2022-36908
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...
CVE-2024-4638
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...
CVE-2024-4638 OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...
CVE-2024-4638
CVE-2024-4638 affects MOXA OnCell G3470A-LTE Series (v1.7.7 and earlier). Root cause: web key upload input not neutralized, allowing an attacker to modify commands sent to target functions and potentially execute unauthorized commands. Reports consistently describe command injection risk without ...
MOXA OnCell G3470A-LTE 安全漏洞
MOXA OnCell G3470A-LTE is a series of cellular gateway/router from MOXA China. A command injection vulnerability exists in MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions, which stems from the lack of a neutralization input in the Web Key Upload function, and can be exploited by an...
PT-2024-4285 · Moxa · Oncell G3470A-Lte Series
Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to a lack of neutralized inputs in the web key upload function, allowing an attacker to modify intended commands sent to target functions. This coul...
Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key fi...
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...
Design/Logic Flaw
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...
Jenkins OpenShift Deployer Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
PT-2022-4767 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and...
PT-2022-5099 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A missing permission check in the Jenkins OpenShift Deployer Plugin allows attackers with Overall/Read permission to check for the existence of an attacker-specified fi...
Jenkins OpenShift Deployer Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2017-18001
Trustwave Secure Web Gateway SWG through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI...
CVE-2013-4490
The SSH key upload feature lib/gitlabkeys.rb in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key...