‼ CVE-2022-30947 ‼
via "National Vulnerability Database".
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
‼ CVE-2022-30950 ‼
via "National Vulnerability Database".
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
‼ CVE-2022-30968 ‼
via "National Vulnerability Database".
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
‼ CVE-2022-29332 ‼
via "National Vulnerability Database".
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows access to the entire router file system via the FTP server.
‼ CVE-2022-30972 ‼
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
‼ CVE-2022-30960 ‼
via "National Vulnerability Database".
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
‼ CVE-2022-30966 ‼
via "National Vulnerability Database".
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
🛠 Lynis Auditing Tool 3.0.8 🛠
via "Packet Storm Security".
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages, and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
‼ CVE-2020-4994 ‼
via "National Vulnerability Database".
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.
‼ CVE-2022-30073 ‼
via "National Vulnerability Database".
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
‼ CVE-2022-22475 ‼
via "National Vulnerability Database".
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and Open Liberty are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
‼ CVE-2022-30072 ‼
via "National Vulnerability Database".
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via the namesection2 parameter of \admin\pages\sections_save.php.
‼ CVE-2021-38872 ‼
via "National Vulnerability Database".
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.
‼ CVE-2022-30067 ‼
via "National Vulnerability Database".
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.
‼ CVE-2021-29726 ‼
via "National Vulnerability Database".
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.
‼ CVE-2022-24108 ‼
via "National Vulnerability Database".
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
‼ CVE-2022-24856 ‼
via "National Vulnerability Database".
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.
‼ CVE-2022-30007 ‼
via "National Vulnerability Database".
GXCMS V1.5 has a file upload vulnerability in the backend. The vulnerability is in the template management page: any template's content can be edited and the file renamed with a PHP suffix; calling the resulting PHP file then gives control of the server.
‼ CVE-2020-4957 ‼
via "National Vulnerability Database".
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.
‼ CVE-2022-1116 ‼
via "National Vulnerability Database".
Integer Overflow or Wraparound vulnerability in io_uring of the Linux Kernel allows a local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
‼ CVE-2022-29581 ‼
via "National Vulnerability Database".
Improper Update of Reference Count vulnerability in net/sched of the Linux Kernel allows a local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.