Lucene search

938 matches found

Positive Technologies
added 2023/06/13 12:0 a.m. · 4 views

PT-2023-3214 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to errors in privilege management within the Windows GDI component, allowing an attacker to potentially elevate their privileges.
Recommendations: At the moment, there ...

7.8 CVSS · 9.3 AI score · 0.0473 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/06/07 12:0 a.m. · 8 views

PT-2023-15936 · WordPress · Cool Plugins

Name of the Vulnerable Software and Affected Versions: Cool Plugins WordPress plugins (affected versions not specified)
Description: The issue allows for arbitrary plugin installation and activation, potentially leading to remote code execution. This can be exploited by authenticated attackers with...

8.8 CVSS · 8.8 AI score · 0.01377 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/07 12:0 a.m. · 2 views

PT-2023-9104 · Glib +6 · Glib +6

Name of the Vulnerable Software and Affected Versions: Glib (affected versions not specified)
Description: The issue is related to uncontrolled resource consumption in the Glib library. It may allow an attacker to cause a denial of service.
Recommendations: At the moment, there is no information...

7.8 CVSS · 6.5 AI score · 0.02622 EPSS
Exploits 1 · References 64
Positive Technologies
added 2023/06/06 12:0 a.m. · 4 views

PT-2023-18322 · Unknown · Wlan Firmware

Name of the Vulnerable Software and Affected Versions: WLAN Firmware (affected versions not specified)
Description: The issue is related to a transient Denial of Service (DoS) in WLAN Firmware. It occurs when the firmware processes frames with missing header fields.
Recommendations: At the moment,...

7.5 CVSS · 6.9 AI score · 0.00383 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/06/06 12:0 a.m. · 4 views

PT-2023-15782 · Unknown · Dialer Service

Name of the Vulnerable Software and Affected Versions: Dialer service (affected versions not specified)
Description: The issue is related to a possible missing permission check in the dialer service. This could lead to a local denial of service with no additional execution privileges...

6.2 CVSS · 6.8 AI score · 0.00075 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/06/06 12:0 a.m. · 3 views

PT-2023-15789 · Unknown · Telephony Service

Name of the Vulnerable Software and Affected Versions: Telephony service (affected versions not specified)
Description: The issue is related to a possible missing permission check in the telephony service. This could lead to a local denial of service with no additional execution privileges...

5.5 CVSS · 6.8 AI score · 0.00083 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/06/06 12:0 a.m. · 3 views

PT-2023-15786 · Unknown · Telephony Service

Name of the Vulnerable Software and Affected Versions: Telephony service (affected versions not specified)
Description: The issue is related to a possible missing permission check in the telephony service, which could lead to a local denial of service with no additional execution privileges...

5.9 CVSS · 6.9 AI score · 0.00083 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/30 12:0 a.m. · 11 views

PT-2023-19322 · Broadcom · Symantec Siteminder Webagent

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned.
Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser.
Recommendations: At the moment, there is no information about a newer version that...

6.1 CVSS · 6.9 AI score · 0.03083 EPSS
Exploits 3 · References 7
Positive Technologies
added 2023/05/26 12:0 a.m. · 4 views

PT-2023-16023 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Reminder module (affected versions not specified)
Description: The issue is related to the reminder module lacking an authentication mechanism for broadcasts received. This could potentially affect availability upon successful exploitation...

7.5 CVSS · 7 AI score · 0.00452 EPSS
Exploits 0 · References 3
RedHat Linux
added 2023/05/17 5:53 p.m. · 3 views

plugin: CSRF vulnerability in Blue Ocean Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

6.5 CVSS · 5.7 AI score · 0.00633 EPSS
Exploits 0 · References 5
OSV
added 2023/05/16 7:15 p.m. · 5 views

CVE-2023-2195

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5 CVSS · 5.8 AI score · 0.00411 EPSS
Exploits 0 · References 1
Prion
added 2023/05/16 7:15 p.m. · 17 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5 CVSS · 4.1 AI score · 0.00411 EPSS
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2023/05/16 6:30 p.m. · 21 views

Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

8.8 CVSS · 6.8 AI score · 0.63137 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/05/16 6:30 p.m. · 22 views

GHSA-VGFW-766V-7Q82 Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

4.3 CVSS · 8.7 AI score · 0.00502 EPSS
Exploits 0 · References 3
AlpineLinux
added 2023/05/16 6:2 p.m. · 20 views

CVE-2023-2195

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

4.3 CVSS · 7 AI score · 0.00411 EPSS
Exploits 0 · References 1
AlpineLinux
added 2023/05/16 5:46 p.m. · 18 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

4.3 CVSS · 6.9 AI score · 0.00953 EPSS
Exploits 0 · References 1
OSV
added 2023/05/16 5:15 p.m. · 3 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8 CVSS · 7.3 AI score · 0.00502 EPSS
Exploits 0 · References 1
Prion
added 2023/05/16 4:15 p.m. · 19 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

4.3 CVSS · 4.6 AI score · 0.003 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/05/16 4:15 p.m. · 22 views

Arbitrary file deletion

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...

6.5 CVSS · 8.6 AI score · 0.01016 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/16 4:0 p.m. · 13 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

6.5 AI score · 0.00509 EPSS
Exploits 0 · References 1