2286 matches found
GHSA-64Q9-F38H-9MWX Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
CVE-2022-25204
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
CVE-2022-25186
CVE-2022-25186 affects the Jenkins HashiCorp Vault Plugin (3.8.0 and earlier). The vulnerability lets an attacker who can control an agent process retrieve vault secrets for an attacker-specified path and key from the agent side. In practical terms, compromised agents can exfiltrate sensitive Vau...
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
PT-2022-1879 · Hashicorp +1 · Jenkins Hashicorp Vault Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HashiCorp Vault Plugin versions 336.v182c0fbaaeb7 and earlier Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This can be exploited by attackers who can control agent...
Schneider Electric Multiple Products Cross the Line to Write Vulnerability
Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are both products of Schneider Electric, a French company. Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industrial processes and infrastructure. Send a specially crafted HTTP request ...
Schneider Electric Interactive Graphical SCADA System Access Control Error Vulnerability (CNVD-2022-13067)
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An access control error vulnerability exists in the Schneider Electric Interactive Graphical...
Schneider Electric Interactive Graphical SCADA System Authorization Issues Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An authorization issue vulnerability exists in the Schneider Electric Interactive Graphical SCA...
Schneider Electric Interactive Graphical SCADA System Out-of-Bounds Read Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical SCAD...
CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by...
Sealevel Systems SeaConnect 370w out-of-bounds write vulnerability (CNVD-2022-10696)
Sealevel Systems SeaConnect 370W is an Industrial Internet of Things Iiot edge device from Sealevel Systems, Inc. used to remotely monitor and control the status of actual I/O processes. The Sealevel Systems SeaConnect 370w is vulnerable to an out-of-bounds write vulnerability that could be...
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. Work...
EDRHunt - Scan Installed EDRs And AVs On Windows
EDRHunt scans Windows services, drivers, processes, registry for installed EDRs Endpoint Detection And Response. Read more about EDRHunt here. Install Binary Download the latest release from the release section. Releases are built for windows/amd64. Go Requires Go to be installed on system. Teste...
Invoke-EDRChecker - Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services, The Registry And Running Drivers For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
The script will check running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AV's, EDR's and logging tools. This...
CVE-2022-24113
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...
CVE-2022-24113 Local privilege escalation due to excessive permissions assigned to child processes
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image...
UBUNTU-CVE-2022-22942
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer...
Why Security in Kubernetes Isn't the Same as in Linux: Part 1
Kubernetes was first presented in 2014, and it almost entirely changed the way technological and even non-tech companies use infrastructure for running their applications. The Kubernetes platform still feels new and exciting — it has awesome features and can fit most use cases. But hackers find t...