Lucene search
K

129 matches found

Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.33 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3CVSS5.7AI score0.15141EPSS
Exploits0References32
Hacker One
Hacker One
added 2018/12/21 11:28 p.m.157 views

RATELIMITED: Hackerone1

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2018/12/19 7:34 p.m.23 views

GitLab: DoS on the Issue page by exploiting Mermaid.

Summary: An attacker could exploit Mermaid available in Markdown and cause DoS. Description: Markdown supported by GitLab can generate diagrams and flowcharts from text using Mermaid. An Attacker can exploit this function to prevent users from successfully accessing some functions. For example, y...

2.6AI score
Exploits0
Fedora
Fedora
added 2018/12/11 1:58 a.m.38 views

[SECURITY] Fedora 28 Update: kernel-tools-4.19.7-200.fc28

This package contains the tools/ directory from the kernel source and the supporting documentation...

7.8CVSS1.9AI score0.00564EPSS
Exploits0
Fedora
Fedora
added 2018/12/01 2:7 a.m.49 views

[SECURITY] Fedora 28 Update: kernel-tools-4.19.5-200.fc28

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.5CVSS1.9AI score0.0053EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/10/22 12:0 a.m.41 views

SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-2)

This update for java-170-openjdk to version 7u181 fixes the following issues : S8162488: JDK should be updated to use LittleCMS 2.8 S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading...

8.3CVSS5.7AI score0.15141EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 2018/10/22 12:0 a.m.51 views

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)

This update for java-180-openjdk to version 8u171 fixes the following issues : These security issues were fixed : S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading S8189969,...

8.3CVSS5.7AI score0.15141EPSS
Exploits0References32
Fedora
Fedora
added 2018/10/01 1:23 a.m.44 views

[SECURITY] Fedora 27 Update: kernel-tools-4.18.10-100.fc27

This package contains the tools/ directory from the kernel source and the supporting documentation...

8.3CVSS1.9AI score0.08743EPSS
Exploits0
Fedora
Fedora
added 2018/08/14 9:12 p.m.34 views

[SECURITY] Fedora 28 Update: php-symfony-2.8.44-1.fc28

PHP framework for web projects...

7.2CVSS1.5AI score0.58061EPSS
Exploits0
Fedora
Fedora
added 2018/06/23 8:49 p.m.25 views

[SECURITY] Fedora 28 Update: kernel-tools-4.17.2-200.fc28

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.9CVSS1.9AI score0.16352EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.35 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...

10CVSS0.7AI score0.9986EPSS
Exploits1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/16 3:8 p.m.99 views

Security update for java-1_8_0-openjdk (important)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

5.1CVSS0.3AI score0.15141EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:47 p.m.18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2017-1194)

Summary IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Cross-site...

0.6AI score0.00877EPSS
Exploits0Affected Software1
Microsoft Secure
Microsoft Secure
added 2018/05/31 4:0 p.m.57 views

Getting the most value out of your security deployment

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog Now that y...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2018/05/29 6:4 a.m.35 views

Node.js third-party modules: [serve] Server Directory Traversal

I would like to report a Server Directory Traversal vulnerability in serve. It allows reading local files on the target server. Module module name: serve version: 7.0.1 npm page: https://www.npmjs.com/package/serve Module Description Assuming you would like to serve a static site, single page...

5CVSS7.2AI score0.0221EPSS
Exploits1
CNVD
CNVD
added 2018/02/27 12:0 a.m.5 views

CloudBees Jenkins Pipeline: Supporting APIs Plugin Code Execution Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . Pipeline: Supporting...

8.8CVSS7.5AI score0.02617EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/02/25 6:53 a.m.30 views

Node.js third-party modules: `whereis` concatenates unsanitized input into exec() command

I would like to report command injection in whereis It allows to inject arbitrary shell commands by trying to locate crafted filenames. Module module name: whereis version: 0.4.0 npm page: https://www.npmjs.com/package/whereis Module Description Simply get the first path to a bin on any system...

7.5CVSS9.6AI score0.0276EPSS
Exploits1
Hacker One
Hacker One
added 2018/02/25 5:29 a.m.27 views

Node.js third-party modules: `macaddress` concatenates unsanitized input into exec() command

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report code injection i...

0.4AI score
Exploits0
NVD
NVD
added 2018/02/09 11:29 p.m.32 views

CVE-2018-1000058

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...

8.8CVSS9.2AI score0.02617EPSS
Exploits0References2
CVE
CVE
added 2018/02/09 11:0 p.m.50 views

CVE-2018-1000058

CVE-2018-1000058 affects Jenkins Pipeline: Supporting APIs Plugin up to version 2.17. Root cause: incomplete sandbox protection allowing deserialization via readResolve in Pipeline scripts, enabling arbitrary code execution. Impact: remote code execution with network access; high severity per lin...

8.8CVSS9.2AI score0.02617EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder