Lucene search
+L

71 matches found

Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.50 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...

8.8CVSS6.2AI score0.72358EPSS
Exploits0References37
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.6 views

PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/02/19 3:15 a.m.3 views

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

7.8CVSS7.1AI score0.00556EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/02/19 12:0 a.m.4 views

PT-2022-17244 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...

7.8CVSS7.6AI score0.00556EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/09/21 12:0 a.m.3 views

CVE-2021-41531

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation...

7.5CVSS7.1AI score0.0093EPSS
Exploits0References2
OSV
OSV
added 2021/04/14 8:4 p.m.26 views

GO-2020-0049 Improper input validation in github.com/justinas/nosurf

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...

7.5CVSS7.4AI score0.00722EPSS
Exploits0References2
OSV
OSV
added 2020/11/17 2:15 a.m.2 views

CVE-2020-27192

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool...

7.8CVSS7.2AI score0.0038EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/06/29 12:0 a.m.3 views

PT-2020-3435 · Palo Alto Networks · Prisma Access +5

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS versions prior to 9.1.3 Palo Alto Networks PAN-OS versions prior to 9.0.9 Palo Alto Networks PAN-OS versions prior to 8.1.15 Palo Alto Networks PAN-OS 8.0 EOL Description: When Security Assertion Markup Language SAML...

10CVSS9.8AI score0.04362EPSS
Exploits1References22
Positive Technologies
Positive Technologies
added 2019/08/07 12:0 a.m.7 views

PT-2019-11777 · Jenkins · Jenkins Codefresh Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Codefresh Integration Plugin versions 1.8 and earlier Description: The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This...

7.5CVSS7.3AI score0.01117EPSS
Exploits0References5
OSV
OSV
added 2014/05/07 12:0 a.m.3 views

UBUNTU-CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

4.3CVSS6.8AI score0.081EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2013/01/04 12:0 a.m.5 views

PT-2013-1519 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue concerns the use of the -k curl parameter by the vds installer when adding a host, which prevents SSL certificates from being validated. This allows...

6.8CVSS7.1AI score0.00895EPSS
Exploits0References7
Rows per page
Query Builder