Lucene search
K

213680 matches found

Prion
Prion
•added 2024/03/06 5:15 p.m.•20 views

Design/Logic Flaw

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed...

4.3CVSS7.2AI score0.0053EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•40 views

Cross site scripting

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...

5.4AI score0.01129EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•24 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...

4.9CVSS6.2AI score0.00358EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•33 views

Default credentials

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...

6.6AI score0.00417EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•27 views

Design/Logic Flaw

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

6.2AI score0.0045EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•31 views

Design/Logic Flaw

Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...

6.4AI score0.00939EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•19 views

Code injection

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

5CVSS7.2AI score0.00336EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•22 views

Directory traversal

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

4CVSS7AI score0.02155EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•28 views

Cross site scripting

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting XSS vulnerability...

5.6AI score0.00693EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•33 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

7.1AI score0.00408EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•31 views

Authentication flaw

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...

4CVSS7.1AI score0.00266EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•24 views

Command injection

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

4.7CVSS8.4AI score0.00997EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•44 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

6.6AI score0.00318EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•47 views

Buffer overflow

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

4.7CVSS8.4AI score0.00793EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•43 views

Crlf injection

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

5.8CVSS8.6AI score0.29906EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•29 views

Cross site scripting

Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...

5.5AI score0.00698EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•32 views

Information disclosure

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

6.5AI score0.00495EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•18 views

Input validation

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain...

1.4CVSS6.4AI score0.00109EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•32 views

Design/Logic Flaw

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

6.9AI score0.00826EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•27 views

Cross site scripting

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...

5.4AI score0.01077EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•21 views

Code injection

A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...

4.1CVSS7.8AI score0.00888EPSS
Exploits1References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•40 views

Cross site scripting

Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4AI score0.00681EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•22 views

Default credentials

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

6.3AI score0.00679EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•38 views

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.6AI score0.00556EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•34 views

Cross site scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

5.4AI score0.80173EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•30 views

Input validation

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 both inclusive a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation...

6.6AI score0.00337EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 2:15 p.m.•23 views

Design/Logic Flaw

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

7AI score0.00901EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 p.m.•18 views

Privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

6CVSS9.1AI score0.00453EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 p.m.•15 views

Design/Logic Flaw

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...

3.2CVSS7AI score0.00133EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 p.m.•14 views

Design/Logic Flaw

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to...

4CVSS6.6AI score0.00175EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 p.m.•10 views

Design/Logic Flaw

This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitati...

3.2CVSS7.2AI score0.00121EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 p.m.•12 views

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick 1 to solve it. 1...

7.1AI score0.0122EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 11:15 a.m.•14 views

Cross site scripting

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

4.9CVSS6.2AI score0.00292EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 7:15 a.m.•25 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsihostbusy out of host lock for waking up EH handler Inside scsiehwakeup, scsihostbusy is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too...

6.7AI score0.00242EPSS
Exploits0References6
Prion
Prion
•added 2024/03/06 7:15 a.m.•23 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtablecacheadd kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...

7AI score0.00234EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•14 views

Out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus Fix an array-index-out-of-bounds read in ath9khtctxstatus. The bug occurs when txs-cnt, data from a URB provided by a USB device, is bigger than the si...

7.2AI score0.00248EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•22 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ACPI: extlog: fix NULL pointer dereference check The gcc plugin -fanalyzer 1 tries to detect various patterns of incorrect behaviour. The tool reports: drivers/acpi/acpiextlog.c: In function ‘extlogexit’:...

7.1AI score
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•14 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmicontroller. On device remove, spmicontroller will be freed first, and then devres , including the clocks, will be...

7AI score0.00562EPSS
Exploits0References4
Prion
Prion
•added 2024/03/06 7:15 a.m.•21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...

7.3AI score0.00251EPSS
Exploits0References5
Prion
Prion
•added 2024/03/06 7:15 a.m.•23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-fkuehlin 276 Not tainted...

6.7AI score
Exploits0References5
Prion
Prion
•added 2024/03/06 7:15 a.m.•18 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: 86.305548 BUG: kernel NULL pointer dereference, address: 0000000000000092 86.306815 PF: supervisor read access in kernel mode 86.307717 PF: errorcode0x0000 ...

6.2AI score0.00227EPSS
Exploits0References4
Prion
Prion
•added 2024/03/06 7:15 a.m.•18 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1ispstop and rkisp1csidisable the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...

7.1AI score0.00173EPSS
Exploits0References4
Prion
Prion
•added 2024/03/06 7:15 a.m.•18 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

7.3AI score0.00282EPSS
Exploits0References2
Prion
Prion
•added 2024/03/06 7:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its parent does not chan...

7.3AI score0.00161EPSS
Exploits0References2
Prion
Prion
•added 2024/03/06 7:15 a.m.•27 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: pdscore: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. 1 pdscadminqisr and the resulting work from queuework, i.e. pdscworkthread-pdscprocessadminq 2 pdscadminqpost...

6.6AI score0.00213EPSS
Exploits0References3
Prion
Prion
•added 2024/03/06 7:15 a.m.•19 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: llc: call sockorphan at release time syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In commit ff7b11aa481f "net: socket: set sock-sk to NULL after calling protoops::release" Eric...

6.4AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•11 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.8AI score
Exploits0
Prion
Prion
•added 2024/03/06 7:15 a.m.•16 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfxsetmfpap Since 'ieee80211beaconget' can return NULL, 'wfxsetmfpap' should check the return value before examining skb data. So convert the latter to return an appropriate err...

7.3AI score0.00225EPSS
Exploits0References4
Prion
Prion
•added 2024/03/06 7:15 a.m.•20 views

Stack overflow

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...

7.1AI score0.00234EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•19 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does no...

7.3AI score0.0024EPSS
Exploits0References3
Total number of security vulnerabilities213680