
2265 matches found

Github Security Blog
added 2022/05/24 7:12 p.m. | 24 views

RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

8.8 CVSS | 9 AI score | 0.01198 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Qualys Blog
added 2022/05/20 1:0 p.m. | 266 views

Put SecOps in the Driver’s Seat with Custom Assessment and Remediation

When zero-day threats emerge, time is of the essence. Security teams struggle to manage and respond to a range of challenges that often require custom approaches outside of existing vulnerability and security programs. Recently, many companies scrambled to mount their defenses against the Log4She...

9.3 CVSS | 0.1 AI score | 0.94358 EPSS
Exploits: 343
BDU FSTEC
added 2022/05/18 12:0 a.m. | 3 views

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

8.5 CVSS | 7.2 AI score | 0.0037 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2022/05/18 12:0 a.m. | 3 views

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.

The vulnerability of the IBM Cognos Controller software, which supports closing processes, consolidating data, and generating reports, is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

8.5 CVSS | 7.2 AI score | 0.0037 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/05/17 2:6 p.m. | 12 views

CVE-2022-30951

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed to log in...

9 AI score | 0.00079 EPSS
Exploits: 0 | References: 2
OSV
added 2022/05/16 6:15 p.m. | 2 views

CVE-2022-30695

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640...

7.8 CVSS | 7.1 AI score
Exploits: 0 | References: 1
Cvelist
added 2022/05/16 5:19 p.m. | 12 views

CVE-2022-30695 Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640...

8.1 AI score | 0.00089 EPSS
Exploits: 0 | References: 1
OSV
added 2022/05/16 8:2 a.m. | 4 views

SUSE-SU-2022:1666-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrar...

9 CVSS | 8.8 AI score | 0.01932 EPSS
Exploits: 0 | References: 5
CNNVD
added 2022/05/16 12:0 a.m. | 5 views

Acronis Snap Deploy Security Vulnerability

Acronis Snap Deploy, an Acronis platform for bulk deployment of system images, is vulnerable to an elevation of privilege vulnerability that stems from assigning too many privileges to child processes, which could be exploited by an attacker to cause a local elevation of privilege...

7.8 CVSS | 7.3 AI score | 0.00089 EPSS
Exploits: 0 | References: 2
Github Security Blog
added 2022/05/14 1:9 a.m. | 22 views

phpMyAdmin CSRF Vulnerability

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

8.8 CVSS | 7.3 AI score | 0.00437 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Kitploit
added 2022/05/13 9:30 p.m. | 26 views

RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes

Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and...

7.4 AI score
Exploits: 0 | References: 6
OSV
added 2022/05/13 3:15 p.m. | 0 views

UBUNTU-CVE-2021-46787

The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash...

7.5 CVSS | 5.8 AI score | 0.00191 EPSS
Exploits: 0 | References: 2
Prion
added 2022/05/13 3:15 p.m. | 16 views

Design/Logic Flaw

The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash...

5 CVSS | 7.4 AI score | 0.00191 EPSS
Exploits: 0 | References: 2 | Affected Software: 3
UbuntuCve
added 2022/05/13 3:15 p.m. | 41 views

CVE-2021-46787

The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash...

7.5 CVSS | 7.1 AI score | 0.00191 EPSS
Exploits: 0 | References: 1
CVE
added 2022/05/13 3:2 p.m. | 80 views

CVE-2021-46787

Summary: CVE-2021-46787 affects the AMS module of Huawei/HarmonyOS, where an improper permission control could let non-system processes crash. The vulnerability is documented across multiple feeds (including OSV Ubuntu, CNVD, CNNVD, and Nessus plugins) with consistent description of the AMS modul...

7.5 CVSS | 7.4 AI score | 0.00191 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 2022/05/13 1:18 a.m. | 11 views

GHSA-9R7F-RQHW-J8H8 Incorrect permission checks in Pipeline: Nodes and Processes plugin

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes...

4.8 CVSS | 6.1 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
NVD
added 2022/05/11 5:15 p.m. | 17 views

CVE-2022-0024

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committ...

9 CVSS | 0.01777 EPSS
Exploits: 0 | References: 1
Prion
added 2022/05/11 5:15 p.m. | 26 views

Code injection

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committ...

9 CVSS | 7.2 AI score | 0.01777 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Palo Alto Networks
added 2022/05/11 4:0 p.m. | 36 views

PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committ...

7.2 CVSS | 2.8 AI score | 0.01777 EPSS
Exploits: 0 | References: 1
Microsoft Secure
added 2022/05/10 4:0 p.m. | 13 views

Microsoft security experts outline next steps after compromise recovery

Who is CRSP? The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...

0.2 AI score
Exploits: 0