Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3909

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00864EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2844

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00844EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-46673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate...

7.5CVSS7.2AI score0.00844EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.19 views

GitLab 13.0 < 13.3.9 / 13.4.0 < 13.4.5 / 13.5.0 < 13.5.2 (CVE-2020-13351)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affecte...

6.5CVSS6.5AI score0.01345EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:51 a.m.28 views

BIT-ELASTICSEARCH-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS7.3AI score0.00844EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/11/24 2:0 a.m.3 views

SUSE CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS6.9AI score0.00844EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/11/23 1:57 a.m.94 views

CVE-2023-46673

A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Mitigation No mitigation is yet available for this flaw...

7.5CVSS6.8AI score0.00844EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/22 12:30 p.m.36 views

Elasticsearch Improper Handling of Exceptional Conditions

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS7.1AI score0.00844EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/11/22 10:15 a.m.23 views

CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS0.00844EPSS
Exploits0References2
Prion
Prion
added 2023/11/22 10:15 a.m.28 views

Code injection

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

5CVSS6.9AI score0.00844EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/22 10:15 a.m.2 views

UBUNTU-CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS7.1AI score0.00844EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/22 9:27 a.m.40 views

CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

6.5CVSS7.6AI score0.00844EPSS
Exploits0References2
CVE
CVE
added 2023/11/22 9:27 a.m.119 views

CVE-2023-46673

CVE-2023-46673 affects Elastic Elasticsearch. Malformed scripts in the script processor of an Ingest Pipeline can cause an Elasticsearch node to crash when calling the Simulate Pipeline API, enabling a denial of service. The vulnerability is tied to the Simulate Pipeline API handling and may impa...

7.5CVSS7.3AI score0.00844EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2023/05/16 6:30 p.m.5 views

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

5.4CVSS6AI score0.00586EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.9 views

plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

6.5CVSS5.8AI score0.00864EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.6 views

plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

6.5CVSS5.8AI score0.00864EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.3 views

PT-2022-26893 · Jenkins · Jenkins Pipeline: Supporting Apis Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 838.va 3a 087b 4055b and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Pipeline: Supporting APIs Plugin does not...

8CVSS5.1AI score0.00655EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2022/05/24 4:50 p.m.6 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...

6.5CVSS6.5AI score0.01468EPSS
Exploits1
OSV
OSV
added 2022/05/18 12:0 a.m.3 views

GHSA-G74W-93CP-5P3P Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin

When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...

5.3CVSS5.7AI score0.00864EPSS
Exploits0References5
OSV
OSV
added 2020/11/17 6:15 p.m.19 views

CVE-2020-13351

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...

6.5CVSS6.3AI score0.01345EPSS
Exploits0References3
Rows per page
Query Builder