352 matches found
Jenkins 信息泄露漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A vulnerability exists in...
Google Android 信息泄露漏洞
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises due to a missing privilege check in isBackupServiceActive of BackupManagerService.java. An...
CloudBees Jenkins Config File Provider Plugin Privilege Check Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...
Atlassian Jira Server and Jira Data Center have unspecified vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian JIRA Server and Atlassian JIRA Data...
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
Atlassian JIRA Server和Atlassian JIRA Data Center 安全漏洞
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian JIRA Server and Atlassian JIRA Data...
Atlassian Jira Server and Data Center has an unspecified vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...
Atlassian Jira Server and Data Center 安全漏洞
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...
Jenkins OWASP Dependency-Track 跨站请求伪造漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
Samsung knox_custom service security feature issue vulnerability
Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...
knox_custom service 安全特征问题漏洞
Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel that stems from a lack of privilege checking in callCallbackForRequest in ConnectivityService.java, which could bypass privileges...
MediaTek netdiag 信息泄露漏洞
MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in MediaTek netdiag. The vulnerability stems from a lack of privilege checking and could lead to the disclosure of local information with required system execution...
SUSE-SU-2021:0543-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to version 13.2: Updating stored views and reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. CVE-2021-20229, bsc1182039: Fix failure to...
Apache Accumulo Access Control Error Vulnerability
Apache Accumulo is a reliable, scalable, high-performance sorted distributed Key-Value storage application from the Apache Foundation. An access control error vulnerability exists in Apache Accumulo versions 1.5.0 through 1.10.0 and 2.0.0 due to an authenticated user failing to properly check the...
Design/Logic Flaw
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...
CVE-2020-15943
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...
Design/Logic Flaw
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...
CVE-2020-15943
The CVE-2020-15943 entry affects Atlassian Jira Gantt-Chart module before 5.5.4. A missing privilege check allows an authenticated attacker to read and write the module configuration of other users, with potential to deliver an XSS payload to other users’ dashboards. Exploitation requires authent...
PT-2020-14726 · Atlassian · Gantt-Chart For Jira
Name of the Vulnerable Software and Affected Versions: Gantt-Chart for Jira versions prior to 5.5.4 Description: An issue in the Gantt-Chart module allows authenticated attackers to read and write to the module configuration of other users due to a missing privilege check. This can also be used t...