1260 matches found
PT-2021-7845
Name of the Vulnerable Software and Affected Versions Java SE versions 7u311, 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0 Description The issue is related to an unspecified vulnerability in the Utility component of Java SE and Oracle GraalVM Enterprise Edition...
PT-2021-6914
Name of the Vulnerable Software and Affected Versions Java SE version 8u301 Description The issue is related to insufficient input validation in the Deployment component of Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
PT-2021-7847
Name of the Vulnerable Software and Affected Versions Java SE versions 7u311, 8u301, 11.0.12 Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0 Description The issue is related to the JSSE component and allows an unauthenticated attacker with network access via TLS to compromise Java SE an...
PT-2021-7886
Name of the Vulnerable Software and Affected Versions Java SE versions 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0 Description The issue is related to a vulnerability in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition, which can ...
PT-2021-7844
Name of the Vulnerable Software and Affected Versions Java SE versions 7u311, 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0 Description The issue is related to the Swing component and allows an unauthenticated attacker with network access via multiple protocols t...
Tenable SecurityCenter < 5.19.0 Multiple XSS Vulnerabilities (TNS-2021-14)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: - Bootstrap - SimpleSAML Note that successful exploitation of the most serious issues...
YAML deserialization can run untrusted code
Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An...
GHSA-Q4RF-3FHX-88PF YAML deserialization can run untrusted code
Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An...
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
Impact A user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches Available in Rundeck 3.4.3 and 3.3.14 Workarounds Please visit https://rundeck.com/security for information abo...
GHSA-3JMW-C69H-426C Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
Impact A user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches Available in Rundeck 3.4.3 and 3.3.14 Workarounds Please visit https://rundeck.com/security for information abo...
Rundeck Cross-Site Request Forgery Vulnerability
Rundeck is an open source automation service with a web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. A cross-site request forgery vulnerability exists in Rundeck, which stems from the fact that users with access to the "system" resource...
Rundeck code issue vulnerability
Rundeck is an open source automation service with a Web console, command line tools, and WebAPI from Rundeck USA, which is primarily used to run automation tasks. A code issue vulnerability exists in Rundeck Enterprise Edition, which stems from the fact that an authenticated user can issue a POST...
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...
CVE-2021-39132
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
CVE-2021-39133
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...
CVE-2021-39133 Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...
CVE-2021-39132
CVE-2021-39132 affects Rundeck prior to versions 3.3.14 and 3.4.3. An authorized user can upload a crafted zip plugin (plugin.yaml) or crafted aclpolicy files, or an untrusted project archive with a crafted aclpolicy, potentially causing the server to run untrusted code (Community/Enterprise). An...
Rundeck code issue vulnerability
Rundeck is an open source automation service with a Web console, command line tools, and WebAPI from Rundeck USA, which is primarily used to run automation tasks. A code issue vulnerability exists in Rundeck Enterprise Edition, which stems from the fact that an authenticated user can issue a POST...
Rundeck Cross-Site Request Forgery Vulnerability
Rundeck is an open source automation service with a web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. A cross-site request forgery vulnerability exists in Rundeck, which stems from the fact that users with access to the "system" resource...
Oracle Linux 7 : bootstrap (ELSA-2021-9400)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-9400 advisory. 3.0.0-7.0.1 - Backport jQuery CVE-2020-11023 fixes from jQuery v3.5.0 to bundled v1.10.2 Orabug: 33181852 Tenable has extracted the preceding description block...