
14899 matches found

CNNVD
added 2022/01/12 12:0 a.m. · 6 views

Jenkins Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Publish Over SSH Plugin version 1.22 and earlier contains a cross-site request forgery vulnerability that stems...

4.3 CVSS · 5.5 AI score · 0.27553 EPSS
Exploits: 0 · References: 6
CNNVD
added 2022/01/12 12:0 a.m. · 4 views

Jenkins Publish Over SSH Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

3.3 CVSS · 5.1 AI score · 0.00307 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2022/01/12 12:0 a.m. · 4 views

PT-2022-15853 · Jenkins · Jenkins Publish Over Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the SSH server name is not properly escaped, allowing attackers with...

4.8 CVSS · 4.5 AI score · 0.00819 EPSS
Exploits: 0 · References: 11
CNVD
added 2022/01/12 12:0 a.m. · 28 views

Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)

Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.3.0, which stems from the fact that Apache Guacamole 1.3.0 and earlier versions...

6.5 CVSS · 3.1 AI score · 0.01933 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2022/01/12 12:0 a.m. · 3 views

PT-2022-15857 · Jenkins · Jenkins Publish Over Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier Description: The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller. This can be viewed by users with access to the Jenkins...

3.3 CVSS · 3.7 AI score · 0.00307 EPSS
Exploits: 0 · References: 12
OpenVAS
added 2022/01/11 12:0 a.m. · 29 views

SUSE: Security Advisory (SUSE-SU-2022:0040-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS · 7.7 AI score · 0.00948 EPSS
Exploits: 0 · References: 2
OSV
added 2022/01/10 9:45 a.m. · 6 views

OPENSUSE-SU-2022:0040-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...

7.5 CVSS · 7.5 AI score · 0.00948 EPSS
Exploits: 0 · References: 5
OSV
added 2022/01/10 9:45 a.m. · 3 views

SUSE-SU-2022:0040-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...

7.5 CVSS · 7.5 AI score · 0.00948 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/01/10 12:0 a.m. · 2 views

Google Golang Input Validation Error Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

7.5 CVSS · 6.8 AI score · 0.00948 EPSS
Exploits: 0 · References: 25
Positive Technologies
added 2022/01/10 12:0 a.m. · 4 views

PT-2022-6957

Name of the Vulnerable Software and Affected Versions: golang.org/x/crypto/ssh package versions prior to 0.0.0-20211202192323-5770296d904e Description: The issue is related to insufficient input validation in the golang.org/x/crypto/ssh package, which can be exploited by a remote attacker to cause ...

7.8 CVSS · 5.9 AI score · 0.00948 EPSS
Exploits: 0 · References: 304
ThreatPost
added 2022/01/07 4:14 p.m. · 230 views

QNAP: Get NAS Devices Off the Internet Now

Get your internet-exposed, network-attached storage (NAS) devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...

10 CVSS · 9.6 AI score · 0.78395 EPSS
Exploits: 0 · References: 15
CNVD
added 2021/12/30 12:0 a.m. · 18 views

Stormshield Network Security Code Issue Vulnerability

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield France. Stormshield Network Security (SNS) suffers from a code issue vulnerability that stems from the first SSH password change not properly clearing the old password under certain update...

7.5 CVSS · 7.7 AI score · 0.00887 EPSS
Exploits: 0 · References: 1
NVD
added 2021/12/29 5:15 p.m. · 10 views

CVE-2021-45885

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...

7.5 CVSS · 0.00887 EPSS
Exploits: 0 · References: 2
OSV
added 2021/12/29 5:15 p.m. · 1 views

CVE-2021-45885

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...

7.5 CVSS · 5.8 AI score · 0.00887 EPSS
Exploits: 0 · References: 2
Prion
added 2021/12/29 5:15 p.m. · 17 views

Default credentials

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...

4.3 CVSS · 7.6 AI score · 0.00887 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/12/29 4:2 p.m. · 15 views

CVE-2021-45885

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...

7.8 AI score · 0.00887 EPSS
Exploits: 0 · References: 2
CVE
added 2021/12/29 4:2 p.m. · 54 views

CVE-2021-45885

Stormshield Network Security (SNS) versions 4.2.2–4.2.7 are affected by a password handling issue where the first SSH password change does not properly clear the old password during a specific update-migration scenario. This can impact confidentiality (as per CVSS 3.1 base score 7.5) and is mitig...

7.5 CVSS · 7.5 AI score · 0.00887 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2021/12/28 12:0 a.m. · 45 views

Debian DLA-2860-1 : paramiko - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2860 advisory. - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This...

9.8 CVSS · 8 AI score · 0.27065 EPSS
Exploits: 10 · References: 8
Tenable Nessus
added 2021/12/25 12:0 a.m. · 63 views

openSUSE 15 Security Update : openssh (openSUSE-SU-2021:4153-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4153-1 advisory. - ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access o...

7.1 CVSS · 7.3 AI score · 0.03422 EPSS
Exploits: 1 · References: 4
OSV
added 2021/12/24 11:3 a.m. · 5 views

OESA-2021-1468 xorg-x11-server security update

Xorg server common files. Security Fixes: A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. Thi...

7.8 CVSS · 7.5 AI score · 0.00571 EPSS
Exploits: 0 · References: 5