Lucene search
+L

137 matches found

Chainguard
Chainguard
added 2024/12/19 6:31 p.m.9 views

GHSA-PR98-23F8-JWXV vulnerabilities

Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2024/12/19 6:31 p.m.12 views

GHSA-6V67-2WR5-GVF4 vulnerabilities

Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2024/12/19 5:15 p.m.10 views

CVE-2024-12801 vulnerabilities

Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...

2.4CVSS6.2AI score0.00225EPSS
Exploits0
Chainguard
Chainguard
added 2024/12/19 4:15 p.m.13 views

CVE-2024-12798 vulnerabilities

Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...

5.9CVSS6.5AI score0.00404EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.6 views

The vulnerability of the CI/CD system’s registration data protection mechanism in TeamCity allows attackers to compromise user passwords.

The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to obtain user passwords through the Sonar Runner REST...

4.3CVSS5.5AI score0.00308EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/10/17 12:0 a.m.4 views

Unspecified Vulnerability in JetBrains TeamCity

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...

6.5CVSS7AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2024/10/08 4:15 p.m.3 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

6.5CVSS5.8AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2024/10/08 4:15 p.m.31 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

6.5CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2024/10/08 3:48 p.m.108 views

CVE-2024-47161

CVE-2024-47161 affects JetBrains TeamCity prior to 2024.07.3. The vulnerability allows password disclosure via the Sonar runner REST API. Root cause and exact impacted components are not detailed in the provided documents beyond the general description. Impact is described as confidential data ex...

6.5CVSS4.9AI score0.00308EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/08 3:48 p.m.35 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

4.3CVSS0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/08 3:48 p.m.21 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

4.3CVSS7.3AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.6 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...

6.5CVSS6.8AI score0.00308EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/08/20 4:53 a.m.62 views

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities KEV catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 CVSS score: 9.8, is a path travers...

9.8CVSS9.9AI score0.99999EPSS
Exploits46
GithubExploit
GithubExploit
added 2024/02/01 3:17 a.m.185 views

Exploit for Path Traversal in Jenkins

Jenkins CVE-2024-23897 PoC A proof-of-concept PoC for CVE-2...

9.8CVSS9.2AI score0.99999EPSS
Exploits46
OSV
OSV
added 2023/10/24 7:47 p.m.32 views

GHSA-4R5X-X283-WM96 Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell

Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. Details Through the WEB CLI interface provided by koko, a user logs...

6.4CVSS9.6AI score0.01716EPSS
Exploits1References5
Rapid7 Blog
Rapid7 Blog
added 2023/10/11 3:16 p.m.17 views

The Risks of Exposing DICOM Data to the Internet

Introduction Digital Imaging and Communications in Medicine DICOM is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/02 8:2 a.m.87 views

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 CVSS score: 7.8, the vulnerability is a Zip Slip vulnerability that could have adverse...

9.8CVSS8.5AI score0.99649EPSS
Exploits21
The Hacker News
The Hacker News
added 2023/09/26 5:0 a.m.79 views

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment CI/CD software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and ha...

9.8CVSS10AI score0.99979EPSS
Exploits21
Tenable Nessus
Tenable Nessus
added 2023/07/31 12:0 a.m.35 views

Jenkins plugins Multiple Vulnerabilities (2022-12-07)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. CVE-2022-46682 - Jenki...

9.8CVSS6AI score0.00947EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.2 views

SUSE CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...

7.8CVSS7AI score0.00318EPSS
Exploits0References3
Rows per page
Query Builder