9812 matches found
Apache Airflow OS Command Injection Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an operating system command injection vulnerability tha...
RHEL 8 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.11.634 security update
Red Hat OpenShift Container Platform release 3.11.634 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,...
RHEL 7 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Reolink RLC-410W OS Command Injection Vulnerability
The Reolink RLC-410W is a Wi-Fi security camera from Reolink (China). The Reolink RLC-410W suffers from an OS command injection vulnerability. An attacker can exploit this vulnerability to cause command execution by sending a specially crafted HTTP request...
CVE-2022-25173
A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through craft...
CVE-2022-25174
A flaw was found in Jenkins. The Jenkins Pipeline: Shared Groovy Libraries Plugin uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
Improper Access Control to Remote Code Execution
Description: In Webmin v1.984, in the File Manager module, any authenticated low-privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading a file from a remote URL and changing file permissions (chmod). It is possible to achieve...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.8.31 security update
Red Hat OpenShift Container Platform release 4.8.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controlle...
GHSA-4M7P-55JM-3VWV Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controlle...
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
Jenkins Pipeline: Shared Groovy Libraries Plugin prior to 561.vace0de3c2d69, 2.21.1, and 2.18.1 uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM...
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
GHSA-PJ84-QJM3-77MG Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
RHEL 8 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 8 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Design/Logic Flaw
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
Design/Logic Flaw
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...