Lucene search
K

81 matches found

vulnersOsv
vulnersOsv
โ€ขadded 2022/03/07 11:44 p.m.โ€ข5 views

dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)

httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:GHSA-9W4W-CPC8-H2FQ...

6.5CVSS6.4AI score0.01625EPSS
Exploits1
vulnersOsv
vulnersOsv
โ€ขadded 2022/03/07 11:15 p.m.โ€ข6 views

dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)

httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:PYSEC-2022-34...

6.5CVSS6.4AI score0.01625EPSS
Exploits1
Github Security Blog
Github Security Blog
โ€ขadded 2021/12/14 9:7 p.m.โ€ข197 views

Apache Log4j Remote Code Execution

Impact Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 =2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...

10CVSS4.4AI score0.99999EPSS
Exploits351References6Affected Software1
HackRead
HackRead
โ€ขadded 2021/03/13 8:12 p.m.โ€ข55 views

โ€œHacker Gamesโ€ launched to challenge and improve cybersecurity skills

By Habiba Rashid Launched by Veracode; Hacker Games will last for 2 weeks March 15-26, 2021. This is a post from HackRead.com Read the original post: โ€œHacker Gamesโ€ launched to challenge and improve cybersecurity skills...

3.4AI score
Exploits0
ThreatPost
ThreatPost
โ€ขadded 2020/05/25 1:0 p.m.โ€ข51 views

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. According to Veracodeโ€™s annual State of Software Security report, these open-source libraries โ€“ free, centralized code repositories that provide ready-made applicati...

0.2AI score
Exploits0References6
Schneier on Security
Schneier on Security
โ€ขadded 2019/11/04 12:6 p.m.โ€ข51 views

Homemade TEMPEST Receiver

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based...

1.3AI score
Exploits0
CNVD
CNVD
โ€ขadded 2019/10/14 12:0 a.m.โ€ข4 views

CloudBees Jenkins veracode-scanner Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . veracode-scanner Plugin is used in one...

8.8CVSS6.8AI score0.01365EPSS
Exploits0References1
Hacker One
Hacker One
โ€ขadded 2019/08/07 9:22 p.m.โ€ข122 views

Nextcloud: Veracode and security audit record are publicly available

Leakage of sensitive data through open endpoint Risk management and Compliance Document written by NCC Here is what the document says: ๐˜—๐˜ณ๐˜ฐ๐˜ฑ๐˜ณ๐˜ช๐˜ฆ๐˜ต๐˜ข๐˜ณ๐˜บ ๐˜๐˜ฏ๐˜ง๐˜ฐ๐˜ณ๐˜ฎ๐˜ข๐˜ต๐˜ช๐˜ฐ๐˜ฏ ๐˜›๐˜ฉ๐˜ช๐˜ด ๐˜ฅ๐˜ฐ๐˜ค๐˜ถ๐˜ฎ๐˜ฆ๐˜ฏ๐˜ต ๐˜ค๐˜ฐ๐˜ฏ๐˜ต๐˜ข๐˜ช๐˜ฏ๐˜ด ๐˜ฅ๐˜ฆ๐˜ต๐˜ข๐˜ช๐˜ญ๐˜ฆ๐˜ฅ ๐˜ค๐˜ฐ๐˜ฎ๐˜ฎ๐˜ฆ๐˜ณ๐˜ค๐˜ช๐˜ข๐˜ญ, ๐˜ง๐˜ช๐˜ฏ๐˜ข๐˜ฏ๐˜ค๐˜ช๐˜ข๐˜ญ ๐˜ข๐˜ฏ๐˜ฅ ๐˜ญ๐˜ฆ๐˜จ๐˜ข๐˜ญ ๐˜ช๐˜ฏ๐˜ง๐˜ฐ๐˜ณ๐˜ฎ๐˜ข๐˜ต๐˜ช๐˜ฐ๐˜ฏ, ๐˜ธ๐˜ฉ๐˜ช๐˜ค๐˜ฉ ๐˜ช๐˜ด ๐˜ค๐˜ฐ๐˜ฏ๐˜ง๐˜ช๐˜ฅ๐˜ฆ๐˜ฏ๐˜ต๐˜ช๐˜ข๐˜ญ ๐˜ข๐˜ฏ๐˜ฅ ๐˜ค๐˜ฐ๐˜ฎ๐˜ฎ๐˜ฆ๐˜ณ๐˜ค๐˜ช๐˜ข๐˜ญ๐˜ญ๐˜บ ๐˜ด๐˜ฆ๐˜ฏ๐˜ด๐˜ช๐˜ต๐˜ช๐˜ท๐˜ฆ. ๐˜›๐˜ฉ๐˜ฆ ๐˜ณ๐˜ฆ๐˜ญ๐˜ฆ๐˜ข๐˜ด๐˜ฆ...

6.7AI score
Exploits0
ThreatPost
ThreatPost
โ€ขadded 2019/06/21 7:50 p.m.โ€ข255 views

Microsoft Outlook for Android Open to XSS Attacks

Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting XSS attacks. The software giant said that CVE-2019-1105, rated โ€œimportant,โ€ is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses...

4.3CVSS6.3AI score0.09024EPSS
Exploits0References6
NVD
NVD
โ€ขadded 2019/04/04 4:29 p.m.โ€ข24 views

CVE-2019-1003070

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS8.7AI score0.01365EPSS
Exploits0References3
Prion
Prion
โ€ขadded 2019/04/04 4:29 p.m.โ€ข13 views

Design/Logic Flaw

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

4CVSS8.6AI score0.01365EPSS
Exploits0References3
Cvelist
Cvelist
โ€ขadded 2019/04/04 3:38 p.m.โ€ข25 views

CVE-2019-1003070

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.7AI score0.01365EPSS
Exploits0References3
AlpineLinux
AlpineLinux
โ€ขadded 2019/04/04 3:38 p.m.โ€ข27 views

CVE-2019-1003070

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS3.5AI score0.01365EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2019/04/04 3:38 p.m.โ€ข65 views

CVE-2019-1003070

The CVE-2019-1003070 case affects the Jenkins veracode-scanner Plugin, where credentials are stored unencrypted in the pluginโ€™s global configuration file on the Jenkins master. The root cause is unencrypted credential storage in VeracodeNotifier.xml, making sensitive data viewable by anyone with ...

8.8CVSS8.6AI score0.01365EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2019/04/04 12:0 a.m.โ€ข6 views

PT-2019-11360 ยท Jenkins ยท Veracode Scan Jenkins Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins veracode-scanner Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins veracode-scanner Plugin, specifically in t...

8.8CVSS8.4AI score0.01365EPSS
Exploits0References5
Openbugbounty
Openbugbounty
โ€ขadded 2018/11/08 12:32 a.m.โ€ข8 views

info.veracode.com XSS vulnerability

Open Bug Bounty ID: OBB-695988 Description| Value ---|--- Affected Website:| info.veracode.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
0day.today
0day.today
โ€ขadded 2017/08/16 12:0 a.m.โ€ข64 views

Philex CMS 0.2 Directory Traversal Vulnerability

Exploit for php platform in category web applications Title: ======= Philex CMS - Directory Traversal Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users...

7.1AI score
Exploits0
Packet Storm
Packet Storm
โ€ขadded 2017/08/16 12:0 a.m.โ€ข39 views

Philex CMS 0.2 Directory Traversal

Title: ======= Philex CMS - Directory Traversal Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS features va...

Exploits0
ThreatPost
ThreatPost
โ€ขadded 2017/04/11 2:41 p.m.โ€ข11 views

Microsoft Patches Word Zero-Day Spreading Dridex Malware

Microsoft on Tuesday released a patch for a zero-day vulnerability that was discovered late last week and used to spread the Dridex banking Trojan. Attacks were spreading via a massive spam campaign where emails contain Microsoft Word documents with malicious attachments that exploited a...

8.3AI score
Exploits0References6
ThreatPost
ThreatPost
โ€ขadded 2017/01/23 1:31 p.m.โ€ข5 views

Heartbleed Persists on 200,000 Servers, Devices

Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately vulnerable to the flaw. โ€œThereโ€™s a lot to be...

7.2AI score
Exploits0References5
Rows per page
Query Builder