Lucene search
K

40 matches found

RustSec
RustSec
added 2021/01/04 12:0 p.m.23 views

EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS2.9AI score0.01327EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/01/04 12:0 p.m.30 views

RUSTSEC-2021-0011 EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS7.4AI score0.01327EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/10/22 10:49 a.m.83 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.11.306 jenkins security update

An update for jenkins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.4CVSS6.8AI score0.83053EPSS
Exploits8References5
Veracode
Veracode
added 2020/10/01 3:52 a.m.29 views

Cross-Site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the user-specified tooltip values...

5.4CVSS3.5AI score0.06765EPSS
Exploits3References5Affected Software2
NVD
NVD
added 2020/09/16 2:15 p.m.25 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

9CVSS0.01623EPSS
Exploits0References2
NVD
NVD
added 2020/07/21 5:15 p.m.17 views

CVE-2016-7063

A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation...

9.8CVSS9.4AI score0.02392EPSS
Exploits1References3
OSV
OSV
added 2020/07/21 5:15 p.m.19 views

CVE-2016-7063

A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation...

9.8CVSS6.8AI score0.02392EPSS
Exploits1References3
Atlassian
Atlassian
added 2019/09/26 4:6 p.m.37 views

Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005

The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization...

4.3CVSS3.9AI score0.01334EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2018/06/11 9:29 p.m.20 views

CVE-2017-5463

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...

5.3CVSS6.8AI score0.01471EPSS
Exploits0References2
Prion
Prion
added 2018/02/09 10:29 p.m.16 views

Security feature bypass

The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment...

6.9CVSS6.9AI score0.03081EPSS
Exploits13References10Affected Software1
Prion
Prion
added 2017/10/05 1:29 a.m.22 views

Default credentials

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

2.6CVSS7.5AI score0.00769EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2017/06/20 8:20 p.m.11 views

SAT 5 XSS in the Failed Systems page

A cross-site scripting XSS flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users...

5.4CVSS5.6AI score0.00641EPSS
Exploits0References4
Mageia
Mageia
added 2016/01/15 1:52 a.m.18 views

Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

1.8AI score
Exploits0References3
OSV
OSV
added 2016/01/15 1:52 a.m.5 views

MGASA-2016-0019 Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

7AI score
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Oatmeal Studios Mail File 1.10 Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/06/07 12:0 a.m.30 views

Novell iPrint Client < 5.64 Multiple Vulnerabilities

The version of Novell iPrint Client installed on the remote host is prior to 5.64. It is, therefore, affected by one or more of the following vulnerabilities in the nipplib.dll component, as used by both types of browser plugins, that can allow for arbitrary code execution : - The uri parameter...

9.3CVSS6AI score0.05869EPSS
Exploits0References31
ATTACKERKB
ATTACKERKB
added 2009/05/11 3:30 p.m.3 views

CVE-2009-0194

The domain-locking implementation in the GARMINAXCONTROL.GarminAxControlt.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that 1 download and 2 upload requests come from a web site specified by the user, which allows remote...

9.3CVSS5.4AI score0.02255EPSS
Exploits0References9
securityvulns
securityvulns
added 2004/09/08 12:0 a.m.28 views

cdrecord privilege escalation

Privileges are not dropped on user specified program invocation...

3.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2004/04/20 12:0 a.m.25 views

ssmtp insecure file creation

Hi, ssmtp 2.50.6 create a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissons of the ssmtp program normally root. The vulnerable call is in logevent. logevent vulnerable call: ifdef LOGFILE iffp = fopen"/tmp/ssmtp.log", "a" !...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2004/04/08 12:0 a.m.22 views

KPhone 2.x/3.x/4.0.1 - Malformed STUN Packet Denial of Service

source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP Session Initiation Protocol STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths,...

7.4AI score
Exploits0
Rows per page
Query Builder