Lucene search

16 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-12670

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00161
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2780

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00047
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-0332

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.6, EPSS 0.00049
Exploits 0, References 2

Tenable Nessus
added 2025/08/29 12:0 a.m., 5 views

Docker Desktop < 4.44.3 Container Escape

The version of Docker Desktop is prior to 4.44.3. It is therefore affected by a container escape vulnerability. The vulnerability allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with...

CVSS 9.3, AI score 6, EPSS 0.01192
Exploits 15, References 3

RedhatCVE
added 2025/05/23 3:42 a.m., 6 views

CVE-2023-30523

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 6.7, EPSS 0.00181
Exploits 0, References 1

RedhatCVE
added 2025/05/22 3:20 p.m., 6 views

CVE-2020-2297

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 3.3, AI score 6.7, EPSS 0.0001
Exploits 0

OSV
added 2023/12/13 6:15 p.m., 19 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 4.6
Exploits 0, References 2

OSV
added 2023/10/03 6:30 a.m., 0 views

GHSA-2894-QCQF-G23G asyncua Improper Authentication vulnerability

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

CVSS 7.5, AI score 7.1, EPSS 0.00161
Exploits 1, References 10

OSV
added 2023/10/03 5:15 a.m., 0 views

PYSEC-2023-189

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

CVSS 7.5, AI score 7.1, EPSS 0.00161
Exploits 1, References 7

Prion
added 2022/01/12 8:15 p.m., 12 views

Design/Logic Flaw

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 2.1, AI score 5.3, EPSS 0.00016
Exploits 0, References 2, Affected Software 1

CVE
added 2022/01/12 7:6 p.m., 120 views

CVE-2022-20621

CVE-2022-20621 affects Jenkins Metrics Plugin, where versions 4.0.2.8 and earlier store an access key unencrypted in the plugin’s global configuration on the Jenkins controller. This plaintext key can be viewed by users with filesystem access to the Jenkins controller, creating a confidentiality ...

CVSS 5.5, AI score 5.2, EPSS 0.00016
Exploits 0, References 2, Affected Software 1

AlpineLinux
added 2022/01/12 7:6 p.m., 28 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 5.5, AI score 4, EPSS 0.00016
Exploits 0, References 2

RedHat Linux
added 2020/10/27 12:52 a.m., 3 views

OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3, AI score 7.1, EPSS 0.00103
Exploits 0, References 4

CVE
added 2020/10/08 12:40 p.m., 59 views

CVE-2020-2297

The CVE-2020-2297 entry concerns Jenkins SMS Notification Plugin versions 1.2 and earlier, where an access token is stored unencrypted in the global configuration file on the Jenkins controller. The file com.hoiio.jenkins.plugin.SMSNotification.xml can be viewed by users with filesystem access, e...

CVSS 3.3, AI score 4, EPSS 0.0001
Exploits 0, References 2, Affected Software 1

NVD
added 2019/09/17 5:15 p.m., 13 views

CVE-2019-9681

Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include:...

CVSS 5.3, AI score 5.3, EPSS 0.0017
Exploits 0, References 1

Cvelist
added 2017/09/11 4:0 p.m., 16 views

CVE-2017-7649

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and...

AI score 9.6, EPSS 0.00373
Exploits 0, References 2