Skip to main content

Communications Cloud Native Core Automated Test Suite

44 CVEs product

Monthly

CVE-2022-22965 Maven CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2022-22963 Maven CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Function Banking Branch +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-39152 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
11.5%
CVE-2021-39150 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
3.4%
CVE-2021-39140 Maven MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
6.3
EPSS
5.9%
CVE-2021-39154 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39153 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39151 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39149 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39148 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39147 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39146 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
14.3%
CVE-2021-39145 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-39144 Maven HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
98.1%
CVE-2021-39141 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
16.1%
CVE-2021-39139 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-22144 Maven MEDIUM PATCH This Month

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-22145 Maven MEDIUM POC PATCH THREAT This Month

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
76.2%
CVE-2021-36374 Maven MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache Ant Agile Engineering Data Management +34
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-36373 Maven MEDIUM PATCH This Month

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Ant Agile Plm Banking Trade Finance +29
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-36090 Maven HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis Banking Digital Experience Banking Enterprise Default Management +30
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2021-35516 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +20
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2021-35515 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +22
NVD
CVSS 3.1
7.5
EPSS
11.6%
CVE-2021-29921 CRITICAL POC PATCH Act Now

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Slice Selection Function +2
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2021-22134 Maven MEDIUM PATCH This Month

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-22132 Maven MEDIUM PATCH This Month

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.8
EPSS
1.2%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-10384 Maven HIGH PATCH This Week

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Jenkins CSRF Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-10383 Maven MEDIUM PATCH This Month

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
4.8
EPSS
1.4%
CVE-2019-1003050 Maven MEDIUM PATCH This Month

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-1003049 Maven HIGH PATCH This Week

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jenkins Information Disclosure Openshift Container Platform Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-1999007 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-1999005 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-1999004 Maven MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2018-1999003 Maven MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2018-1999002 Maven HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.6%
CVE-2018-1999001 Maven HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.8
EPSS
18.1%
CVE-2018-1000195 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2018-1000194 Maven HIGH PATCH This Week

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Path Traversal Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-1000193 Maven MEDIUM PATCH This Month

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2018-1000192 Maven MEDIUM PATCH This Month

A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2018-6356 Maven MEDIUM PATCH This Month

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Jenkins Path Traversal Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2018-1000068 Maven MEDIUM PATCH This Month

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2018-1000067 Maven MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.3
EPSS
1.7%
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +28
NVD Exploit-DB
EPSS 11% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 3% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 6% CVSS 6.3
MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java +13
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 14% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 98% CVSS 8.5
HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream +14
NVD GitHub
EPSS 16% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java +15
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Elasticsearch +1
NVD
EPSS 76% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Elastic Information Disclosure Elasticsearch +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache +36
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Ant +31
NVD
EPSS 13% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis +32
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +22
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +24
NVD
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Communications Cloud Native Core Automated Test Suite +4
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Elasticsearch +1
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Elastic Information Disclosure Elasticsearch +1
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Jenkins CSRF Communications Cloud Native Core Automated Test Suite +1
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Communications Cloud Native Core Automated Test Suite +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins Communications Cloud Native Core Automated Test Suite +1
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jenkins Information Disclosure Openshift Container Platform +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java Jenkins XSS +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins +1
NVD
EPSS 87% CVSS 7.5
HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure +1
NVD Exploit-DB
EPSS 18% CVSS 8.8
HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass +1
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins +2
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure +1
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Jenkins Path Traversal +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy