137 matches found
GHSA-PR98-23F8-JWXV vulnerabilities
Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...
GHSA-6V67-2WR5-GVF4 vulnerabilities
Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...
CVE-2024-12801 vulnerabilities
Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...
CVE-2024-12798 vulnerabilities
Vulnerabilities for packages: thingsboard, trino, sonarqube, cassandra, ontop-fips, management-api-for-apache-cassandra-4.1, zookeeper-fips, cassandra-fips, akhq, dependency-track, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, cassandra-reaper, sonar-scanner-cl...
The vulnerability of the CI/CD system’s registration data protection mechanism in TeamCity allows attackers to compromise user passwords.
The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to obtain user passwords through the Sonar Runner REST...
Unspecified Vulnerability in JetBrains TeamCity
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
CVE-2024-47161 affects JetBrains TeamCity prior to 2024.07.3. The vulnerability allows password disclosure via the Sonar runner REST API. Root cause and exact impacted components are not detailed in the provided documents beyond the general description. Impact is described as confidential data ex...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities KEV catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 CVSS score: 9.8, is a path travers...
Exploit for Path Traversal in Jenkins
Jenkins CVE-2024-23897 PoC A proof-of-concept PoC for CVE-2...
GHSA-4R5X-X283-WM96 Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. Details Through the WEB CLI interface provided by koko, a user logs...
The Risks of Exposing DICOM Data to the Internet
Introduction Digital Imaging and Communications in Medicine DICOM is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care...
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 CVSS score: 7.8, the vulnerability is a Zip Slip vulnerability that could have adverse...
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment CI/CD software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and ha...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. CVE-2022-46682 - Jenki...
SUSE CVE-2021-31523
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...