
The host is installed with Zoom Client 5.10.6 before 5.12.0 and is prone to a security misconfiguration vulnerability. A flaw is present in the application, which fails to properly handle issues in a local debugging port. Successful exploitation allows attackers to use the debugging port to connect to and control the Zoom Apps running in the Zoom client.

The host is installed with vm2 before 3.9.11 and is prone to a sandbox escape vulnerability. A flaw is present in the application, which fails to properly handle an issue in sandbox protections. Successful exploitation could allow attackers to cause remote code execution.

The host is installed with Jenkins LTS through 2.319.1 or Jenkins rolling through 2.329 and is prone to a cross-site request forgery (CSRF) vulnerability. A flaw is present in the application, which fails to handle POST requests for the HTTP endpoint. Successful exploitation could allow attackers to trigger a build of a job without parameters when no security realm is set.

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to an access control vulnerability. A flaw is present in the application, which fails to handle an agent-to-controller access control issue. Successful exploitation could allow attackers to read and write the contents of any build directory stored in Jenkins with very few restrictions throu ...

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to a missing authorization vulnerability. A flaw is present in the application, which fails to handle an issue in FilePath#listFiles operations. Successful exploitation could allow attackers to list files outside directories that agents are allowed to access when following symbolic links.

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to a missing authorization vulnerability. A flaw is present in the application, which fails to handle a permissions issue. Successful exploitation could allow attackers to make FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace to not ...

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to handle an issue in FilePath#renameTo and FilePath#moveAllChildrenTo operations. Successful exploitation could allow attackers to only check 'read' agent-to-controller access permission on the s ...

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to handle an issue in FilePath#renameTo and FilePath#moveAllChildrenTo operations. Successful exploitation could allow attackers to only check 'read' agent-to-controller access permission on the s ...

The host is installed with Jenkins LTS through 2.303.2 or Jenkins rolling release through 2.318 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to handle an agent-to-controller access control issue. Successful exploitation could allow attackers to create symbolic links without the symlink permission.



© SecPod Technologies