Amazon Corretto Java 8.x < 8.332.08.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.332.08.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2022-Apr-19 advisory. - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has...
Amazon Corretto Java 8.x < 8.312.07.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.312.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2021-Oct-19 advisory. - security-libs/javax.net.ssl CVE-2021-35550, CVE-2021-35578, CVE-2021-35603 - client-libs/javax.swing...
feling87-nodejs-libs (>=0.0.1 <=0.0.3) potentially affected by CVE-2022-24717 via @finastra/ssr-pages (=0.1.3)
@finastra/ssr-pages NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @finastra/ssr-pages and may be impacted: - feling87-nodejs-libs =0.0.1, =0.0.3 Source cves: CVE-2022-24717 Source advisory: OSV:GHSA-7F63-H6G3-7CWM...
feling87-nodejs-libs (>=0.0.1 <=0.0.3) potentially affected by CVE-2022-24718 via @finastra/ssr-pages (=0.1.3)
@finastra/ssr-pages NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @finastra/ssr-pages and may be impacted: - feling87-nodejs-libs =0.0.1, =0.0.3 Source cves: CVE-2022-24718 Source advisory: OSV:GHSA-W6CX-QG2Q-RVQ8...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-1143)
The remote host is missing an update for the Huawei EulerOS...
AlmaLinux 8 : net-snmp (ALSA-2020:5480)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:5480 advisory. - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...
AlmaLinux 8 : cups (ALSA-2020:4469)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:4469 advisory. - A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated...
AlmaLinux 8 : python3 (ALSA-2021:4057)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4057 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SUSE: Security Advisory (SUSE-SU-2022:0283-1)
The remote host is missing an update for the...
Oracle OpenJDK Unspecified Vulnerability (CVE-2022-21349)
Oracle OpenJDK is prone to an unspecified vulnerability in the client-libs/2d component.
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2876)
The remote host is missing an update for the Huawei EulerOS...
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
An incorrect permissions validation vulnerability was found in Jenkins. Agent processes' read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
An incorrect permissions validation vulnerability was found in Jenkins. Agent processes' read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...
The vulnerability of the FilePath API implementation in the Jenkins automation server allows a hacker to execute arbitrary code.
The vulnerability of the FilePath API implementation in the Jenkins automation server relates to unlimited access to the libs/ directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
An incorrect permissions validation vulnerability was found in Jenkins. Agent processes' read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
An incorrect permissions validation vulnerability was found in Jenkins. Agent processes' read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...
CentOS 8 : freerdp (CESA-2021:4622)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4622 advisory. - freerdp: improper client input validation for gateway connections allows to overwrite memory CVE-2021-41159 - freerdp: improper region checks in all...
Jenkins Access Control Error Vulnerability (CNVD-2021-103366)
Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath AP...
PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...
0.8.18-p11 (=0.8.18-p12), @msvx/component (>=1.0.1 <=1.2.2) +24 more potentially affected by CVE-2021-42227 via kindeditor (=4.1.10)
kindeditor NPM version =4.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on kindeditor and may be impacted: - 0.8.18-p11 =0.8.18-p12 - @msvx/component =1.0.1, =0.0.1, =0.2.3, =0.1.1, =0.0.1, =0.0.3-p12, =4.1.9, =1.3.50, =1.0.0, =0.0.1, =0.2.49,...