
2289 matches found

Debian CVE
added 2021/11/19 4:11 p.m. | 30 views

CVE-2021-3962

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this...

7.8 CVSS | 7.4 AI score | 0.05838 EPSS
Exploits 0

Tenable Nessus
added 2021/11/19 12:0 a.m. | 28 views

Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...

9.8 CVSS | 8 AI score | 0.02451 EPSS
Exploits 0 | References 15

Oracle linux
added 2021/11/16 12:0 a.m. | 54 views

gcc security and bug fix update

8.5.0-3.0.2 - Fix Orabug 33451471 and backport CTF/BTF enhancements ctfc: Free CTF container elements in ctfcdeletecontainer ctf: Do not warn for CTF not supported for GNU GIMPLE ICE in btffinalize when compiling with -gbtf PR debug/102507, Orabug 33451471 Reviewed-by: Jose E. Marchesi 8.5.0-3.0....

6.5 CVSS | 7 AI score | 0.01637 EPSS
Exploits 1

Microsoft Malware Protection
added 2021/11/15 7:0 p.m. | 29 views

How Open Systems uses Microsoft tools to improve security maturity

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to...

6.8 AI score
Exploits 0

Prion
added 2021/11/10 5:15 p.m. | 39 views

Memory corruption

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

10 CVSS | 9.7 AI score | 0.19087 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2021/11/10 5:10 p.m. | 194 views

CVE-2021-3064

CVE-2021-3064 affects PAN-OS GlobalProtect portal and gateway interfaces on PAN-OS 8.1.x before 8.1.17, causing memory corruption that can lead to unauthenticated remote code execution with root privileges when an attacker can reach the GlobalProtect service port (default 443) over the network. T...

10 CVSS | 9.7 AI score | 0.19087 EPSS
Exploits 1 | References 1 | Affected Software 1

Palo Alto Networks
added 2021/11/10 5:0 p.m. | 370 views

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

9.8 CVSS | 9.6 AI score | 0.19087 EPSS
Exploits 1 | References 1

AlmaLinux
added 2021/11/09 9:1 a.m. | 36 views

Moderate: python-psutil security update

psutil is a module providing an interface for retrieving information on all running processes and system utilization (CPU, memory, disks, network, users) in a portable way by using Python. Security Fixes: python-psutil: double free because of refcount mishandling (CVE-2019-18874) For more details abo...

7.5 CVSS | 7.7 AI score | 0.03522 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/11/05 12:0 a.m. | 31 views

SUSE SLED15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2021:3603-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3603-1 advisory. - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak bsc1191937. Tenable has extracted the preceding description block...

5.3 CVSS | 6.4 AI score | 0.00501 EPSS
Exploits 1 | References 4

OSV
added 2021/11/04 5:15 p.m. | 13 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.8 CVSS | 6.5 AI score
Exploits 0 | References 1

Prion
added 2021/11/04 5:15 p.m. | 18 views

Design/Logic Flaw

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

7.5 CVSS | 9.2 AI score | 0.02451 EPSS
Exploits 0 | References 1 | Affected Software 1

AlpineLinux
added 2021/11/04 5:15 p.m. | 22 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.8 CVSS | 9.1 AI score | 0.02451 EPSS
Exploits 0

RedhatCVE
added 2021/11/04 4:52 p.m. | 30 views

CVE-2021-21690

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8 CVSS | 8.9 AI score | 0.02451 EPSS
Exploits 0 | References 4

Cvelist
added 2021/11/04 4:30 p.m. | 20 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.6 AI score | 0.02451 EPSS
Exploits 0 | References 1

CVE
added 2021/11/04 4:30 p.m. | 163 views

CVE-2021-21690

Jenkins prior to 2.319 (and LTS 2.303.3 previously) is affected by CVE-2021-21690 where agent processes can completely bypass file path filtering by wrapping file operations in an agent file path. This allows potential reading/writing of arbitrary files on the Jenkins controller and is part of a ...

9.8 CVSS | 9.2 AI score | 0.02451 EPSS
Exploits 0 | References 1 | Affected Software 1

The Hacker News
added 2021/10/29 11:3 a.m. | 52 views

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless"...

5.5 CVSS | 1 AI score | 0.10269 EPSS
Exploits 0

OSV
added 2021/10/28 1:15 p.m. | 2 views

CVE-2021-22453

A component of HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause a nearby process to crash...

3.3 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits 0 | References 1

CNNVD
added 2021/10/28 12:0 a.m. | 3 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by an attacker to cause nearby processes to crash...

5.5 CVSS | 5.7 AI score | 0.00144 EPSS
Exploits 0 | References 2

CNNVD
added 2021/10/28 12:0 a.m. | 4 views

HUAWEI HarmonyOS Buffer Error Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS handles a data out-of-bounds vulnerability in the Bluetooth protocol, which could be exploited by local attackers to cause nearby processes to crash...

3.3 CVSS | 5.7 AI score | 0.00144 EPSS
Exploits 0 | References 2

CNNVD
added 2021/10/28 12:0 a.m. | 3 views

Huawei HarmonyOS Code Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in HarmonyOS prior to version 2.0, which stems from a null pointer dereference vulnerability in a component of...

5.5 CVSS | 5.7 AI score | 0.00144 EPSS
Exploits 0 | References 2