2272 matches found
Schneider Electric Interactive Graphical Scada System Integer Overflow Vulnerability
The Schneider Electric Interactive Graphical Scada System Igss is a Scada system for monitoring and controlling industrial processes from Schneider Electric, France. The Schneider Electric Interactive Graphical Scada System has an integer overflow vulnerability that can be exploited by an attacke...
Schneider Electric Interactive Graphical SCADA System Initialization Error Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An initialization error vulnerability exists in the Schneider Electric Interactive Graphical...
GHSA-FM6Q-97GW-C4WH Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...
GHSA-2587-W93G-63M2 Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...
GHSA-64Q9-F38H-9MWX Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
CVE-2022-25204
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
CVE-2022-25186
CVE-2022-25186 affects the Jenkins HashiCorp Vault Plugin (3.8.0 and earlier). The vulnerability lets an attacker who can control an agent process retrieve vault secrets for an attacker-specified path and key from the agent side. In practical terms, compromised agents can exfiltrate sensitive Vau...
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
Schneider Electric Interactive Graphical SCADA System Access Control Error Vulnerability (CNVD-2022-13067)
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An access control error vulnerability exists in the Schneider Electric Interactive Graphical...
Schneider Electric Multiple Products Cross the Line to Write Vulnerability
Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are both products of Schneider Electric, a French company. Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industrial processes and infrastructure. Send a specially crafted HTTP request ...
PT-2022-1879 · Hashicorp +1 · Jenkins Hashicorp Vault Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HashiCorp Vault Plugin versions 336.v182c0fbaaeb7 and earlier Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This can be exploited by attackers who can control agent...
Schneider Electric Interactive Graphical SCADA System Out-of-Bounds Read Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical SCAD...
Schneider Electric Interactive Graphical SCADA System Authorization Issues Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An authorization issue vulnerability exists in the Schneider Electric Interactive Graphical SCA...
CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by...
Sealevel Systems SeaConnect 370w out-of-bounds write vulnerability (CNVD-2022-10696)
Sealevel Systems SeaConnect 370W is an Industrial Internet of Things Iiot edge device from Sealevel Systems, Inc. used to remotely monitor and control the status of actual I/O processes. The Sealevel Systems SeaConnect 370w is vulnerable to an out-of-bounds write vulnerability that could be...
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. Work...