Lucene search
+L

352 matches found

CNNVD
CNNVD
added 2021/05/11 12:0 a.m.7 views

Jenkins 信息泄露漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A vulnerability exists in...

4.3CVSS5.8AI score0.00865EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/03 12:0 a.m.6 views

Google Android 信息泄露漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises due to a missing privilege check in isBackupServiceActive of BackupManagerService.java. An...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References4
CNVD
CNVD
added 2021/04/23 12:0 a.m.8 views

CloudBees Jenkins Config File Provider Plugin Privilege Check Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...

6.5CVSS6.2AI score0.01082EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/22 12:0 a.m.46 views

Atlassian Jira Server and Jira Data Center have unspecified vulnerabilities

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian JIRA Server and Atlassian JIRA Data...

5.3CVSS4.8AI score0.08951EPSS
Exploits1References1
NVD
NVD
added 2021/04/16 10:15 p.m.33 views

CVE-2021-29452

a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...

8.1CVSS0.00781EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/08 12:0 a.m.8 views

Atlassian JIRA Server和Atlassian JIRA Data Center 安全漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian JIRA Server and Atlassian JIRA Data...

5.3CVSS5.6AI score0.08951EPSS
Exploits1References2
CNVD
CNVD
added 2021/04/06 12:0 a.m.25 views

Atlassian Jira Server and Data Center has an unspecified vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...

5.3CVSS4.9AI score0.01591EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/31 12:0 a.m.6 views

Atlassian Jira Server and Data Center 安全漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...

5.3CVSS5.6AI score0.01591EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/30 12:0 a.m.4 views

Jenkins OWASP Dependency-Track 跨站请求伪造漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

8.8CVSS5.8AI score0.0077EPSS
Exploits0References5
CNVD
CNVD
added 2021/03/05 12:0 a.m.27 views

Samsung knox_custom service security feature issue vulnerability

Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

6.2CVSS6.7AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/04 12:0 a.m.5 views

knox_custom service 安全特征问题漏洞

Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

6.2CVSS5.6AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.7 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel that stems from a lack of privilege checking in callCallbackForRequest in ConnectivityService.java, which could bypass privileges...

7.2CVSS6.8AI score0.00131EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/26 12:0 a.m.8 views

MediaTek netdiag 信息泄露漏洞

MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in MediaTek netdiag. The vulnerability stems from a lack of privilege checking and could lead to the disclosure of local information with required system execution...

4.4CVSS5.9AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2021/02/22 12:55 p.m.8 views

SUSE-SU-2021:0543-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to version 13.2: Updating stored views and reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. CVE-2021-20229, bsc1182039: Fix failure to...

4.3CVSS5.5AI score0.01466EPSS
Exploits2References6
CNVD
CNVD
added 2020/12/31 12:0 a.m.4 views

Apache Accumulo Access Control Error Vulnerability

Apache Accumulo is a reliable, scalable, high-performance sorted distributed Key-Value storage application from the Apache Foundation. An access control error vulnerability exists in Apache Accumulo versions 1.5.0 through 1.10.0 and 2.0.0 due to an authenticated user failing to properly check the...

8.1CVSS6.7AI score0.03655EPSS
Exploits0References1
Prion
Prion
added 2020/08/11 1:15 p.m.22 views

Design/Logic Flaw

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...

4CVSS6.8AI score0.00776EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/08/04 8:15 p.m.7 views

CVE-2020-15943

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...

8.1CVSS7.2AI score0.01834EPSS
Exploits3References4
Prion
Prion
added 2020/08/04 8:15 p.m.12 views

Design/Logic Flaw

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...

5.5CVSS7.7AI score0.01834EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2020/08/04 7:7 p.m.66 views

CVE-2020-15943

The CVE-2020-15943 entry affects Atlassian Jira Gantt-Chart module before 5.5.4. A missing privilege check allows an authenticated attacker to read and write the module configuration of other users, with potential to deliver an XSS payload to other users’ dashboards. Exploitation requires authent...

8.1CVSS7.6AI score0.01834EPSS
Exploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/08/04 12:0 a.m.8 views

PT-2020-14726 · Atlassian · Gantt-Chart For Jira

Name of the Vulnerable Software and Affected Versions: Gantt-Chart for Jira versions prior to 5.5.4 Description: An issue in the Gantt-Chart module allows authenticated attackers to read and write to the module configuration of other users due to a missing privilege check. This can also be used t...

8.1CVSS7.7AI score0.01834EPSS
Exploits3References14
Rows per page
Query Builder