Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

CVE-2021-46830: GoAnywhere MFT Release Notes

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

CVE
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#microsoft#amazon#linux#apache#redis#js#git#java#oracle#perl#ldap#samba#pdf#aws#log4j#oauth#auth#ssh#ibm#postgres#docker#chrome#firefox#sap#ssl
Red Hat Security Advisory 2022-4931-01

Red Hat Security Advisory 2022-4931-01 - The RHV-M Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.

CVE-2022-36892: Jenkins Security Advisory 2022-07-27

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CVE-2022-36885: Jenkins Security Advisory 2022-07-27

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.

CVE-2022-36919: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-36915: Jenkins Security Advisory 2022-07-27

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CVE-2022-36900: Jenkins Security Advisory 2022-07-27

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

CVE-2022-36910: Jenkins Security Advisory 2022-07-27

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

CVE-2022-36894: Jenkins Security Advisory 2022-07-27

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

CVE-2022-36899: Jenkins Security Advisory 2022-07-27

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.