Lucene search
+L

49 matches found

SUSE Linux
SUSE Linux
added 2024/11/01 3:19 p.m.8 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.0 bsc1231039. CVE-2024-40866 CVE-2024-44187 Already fixed in version 2.44.3: CVE-2024-4558 CVE-2024-27838 CVE-2024-27851 Already fixed in version 2.44.2: CVE-2024-27834 CVE-2024-27808 CVE-2024-27820 CVE-2024-27833...

8.8CVSS7.3AI score0.10593EPSS
Exploits7References28
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.9 views

PT-2024-31405

Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.43.x Description The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS6.5AI score0.01342EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.8 views

PT-2022-22064 · Jenkins +1 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Repository Connector Plugin does not escape the name and description of...

8CVSS5.7AI score0.00759EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.6 views

PT-2022-22053 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Date Parameter Plugin versions 0.0.4 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Date Parameter Plugin does not escape the name and description of Date paramete...

8CVSS5.7AI score0.00606EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.8 views

PT-2022-22066 · Jenkins · Jenkins Sauce Ondemand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sauce OnDemand Plugin versions 1.204 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin doe...

8CVSS5.7AI score0.00606EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.9 views

PT-2022-20424 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins vboxwrapper Plugin versions 1.3 and earlier Description: The Jenkins vboxwrapper Plugin does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting XSS...

8CVSS5.5AI score0.0073EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:36 a.m.8 views

GHSA-6967-9VVV-4CMM Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible SECURITY-380. This only affects anonymous users other users legitimately have access that were able to get a list of items via an...

4.3CVSS5.9AI score0.01911EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:36 a.m.31 views

Cross-Site Request Forgery in Jenkins

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records SECURITY-406...

5.8CVSS5.9AI score0.0169EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.12 views

PT-2022-19386 · Jenkins +1 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...

5.4CVSS5.5AI score0.02435EPSS
Exploits0References14
NVD
NVD
added 2021/12/15 8:15 p.m.23 views

CVE-2021-35490

Thruk before 2.44 allows XSS for a quick command...

5.4CVSS0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/12/15 7:49 p.m.26 views

CVE-2021-35490

Thruk before 2.44 allows XSS for a quick command...

5.5AI score0.00483EPSS
Exploits0References2
OSV
OSV
added 2020/10/28 11:35 a.m.3 views

USN-4608-1 ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle...

5.8AI score
Exploits0References2
Packet Storm
Packet Storm
added 2020/01/22 12:0 a.m.515 views

KeePass 2.44 Denial Of Service

Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...

0.2AI score
Exploits0
NVD
NVD
added 2018/05/15 9:29 p.m.19 views

CVE-2017-2604

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...

4.3CVSS4.5AI score0.0135EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/05/15 9:29 p.m.18 views

CVE-2017-2610

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names SECURITY-388...

5.4CVSS6.4AI score0.01513EPSS
Exploits0References2
OSV
OSV
added 2018/05/15 9:29 p.m.18 views

CVE-2017-2604

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...

4.3CVSS5AI score0.0135EPSS
Exploits0References4
OSV
OSV
added 2018/05/15 9:29 p.m.22 views

CVE-2017-2602

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents SECURITY-358...

4.3CVSS5AI score0.01611EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/05/15 8:0 p.m.36 views

CVE-2017-2608

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs SECURITY-383...

8.8CVSS6.5AI score0.06308EPSS
Exploits1References4
Prion
Prion
added 2018/05/10 1:29 p.m.26 views

Cross site scripting

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

3.5CVSS5.2AI score0.02146EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2018/05/10 12:0 a.m.5 views

PT-2018-7128 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins versions prior to 2.32.2 Description: The issue concerns a persisted cross-site scripting vulnerability in parameter names and descriptions. Users with the permission to configure jobs were able to injec...

6.1CVSS5.8AI score0.02146EPSS
Exploits0References14
Rows per page
Query Builder