
1738 matches found

NVD
added 2020/11/25 12:15 a.m. · 21 views

CVE-2020-26238

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

8.1 CVSS · 8.2 AI score · 0.09965 EPSS
Exploits 1 · References 13
Prion
added 2020/11/25 12:15 a.m. · 28 views

Design/Logic Flaw

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

6.8 CVSS · 8.4 AI score · 0.09965 EPSS
Exploits 1 · References 13 · Affected Software 1
Github Security Blog
added 2020/11/24 11:48 p.m. · 53 views

Template injection in cron-utils

Impact A Template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron...

8.1 CVSS · 2.9 AI score · 0.09965 EPSS
Exploits 1 · References 15 · Affected Software 1
Kitploit
added 2020/11/17 8:30 p.m. · 81 views

Rehex - Reverse Engineers' Hex Editor

A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else. Features: Large (1TB+) file support; Decoding of integer/floating point value types; Disassembly of machine code; Highlighting and annotation of ranges of bytes; Side by side comparison of selections...

7.2 AI score
Exploits 0 · References 4
RedHat Linux
added 2020/11/04 1:31 a.m. · 3 views

grafana: XSS annotation popup vulnerability

A flaw was found in grafana. The software is vulnerable to an annotation popup XSS...

6.1 CVSS · 7.1 AI score · 0.00716 EPSS
Exploits 0 · References 4
NVD
added 2020/10/26 7:15 p.m. · 7 views

CVE-2020-15272

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUB_REF environment variable. The problem has been patched in version 1.0.1. If yo...

9.6 CVSS · 0.00343 EPSS
Exploits 0 · References 3
Prion
added 2020/10/26 7:15 p.m. · 7 views

Design/Logic Flaw

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUB_REF environment variable. The problem has been patched in version 1.0.1. If yo...

6.5 CVSS · 9.5 AI score · 0.00343 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2020/10/26 6:20 p.m. · 34 views

CVE-2020-15272

The CVE-2020-15272 entry concerns the git-tag-annotation-action (open source GitHub Action) prior to version 1.0.1. Affected logic allows an attacker to execute arbitrary shell commands if they control the tag input or can alter the GITHUB_REF environment variable. The issue is patched in version...

9.6 CVSS · 9.5 AI score · 0.00343 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2020/10/26 6:20 p.m. · 12 views

CVE-2020-15272 Shell-injection in git-tag-annotation GitHub action

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUB_REF environment variable. The problem has been patched in version 1.0.1. If yo...

8.7 CVSS · 9.7 AI score · 0.00343 EPSS
Exploits 0 · References 3
OSV
added 2020/10/13 5:15 p.m. · 1 views

CVE-2020-17417

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 7.5 AI score · 0.03065 EPSS
Exploits 0 · References 2
NVD
added 2020/10/13 5:15 p.m. · 9 views

CVE-2020-17417

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 0.03065 EPSS
Exploits 0 · References 2
Prion
added 2020/10/13 5:15 p.m. · 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS · 7.8 AI score · 0.03065 EPSS
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2020/10/13 5:10 p.m. · 18 views

CVE-2020-17417

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 7.8 AI score · 0.03065 EPSS
Exploits 0 · References 2
Zero Day Initiative
added 2020/09/29 12:0 a.m. · 36 views

Foxit Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

7.8 CVSS · 2.2 AI score · 0.03065 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/09/18 12:0 a.m. · 2 views

PT-2020-14623 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions 2018.2 through 2020.2.4 Description: An issue was discovered where the CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. This allows an attacker with the ability to execute...

8.8 CVSS · 8.7 AI score · 0.00601 EPSS
Exploits 0 · References 4
Positive Technologies
added 2020/09/16 12:0 a.m. · 3 views

PT-2020-15487 · Jenkins · Jenkins Android Lint Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Android Lint Plugin versions 2.6 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the annotation message in tooltips. This can be exploited ...

5.4 CVSS · 5.1 AI score · 0.00233 EPSS
Exploits 0 · References 6
Rockylinux
added 2020/07/21 3:1 p.m. · 11 views

new module: eclipse:rhel8

An update is available for icu4j, glassfish-annotation-api. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Eclipse is an integrated development environment IDE...

1.4 AI score
Exploits 0
RedHat Linux
added 2020/07/07 7:35 p.m. · 2 views

grafana: XSS annotation popup vulnerability

A flaw was found in grafana. The software is vulnerable to an annotation popup XSS...

6.1 CVSS · 7.1 AI score · 0.00716 EPSS
Exploits 0 · References 4
RedHat Linux
added 2020/07/01 6:46 p.m. · 2 views

grafana: XSS annotation popup vulnerability

A flaw was found in grafana. The software is vulnerable to an annotation popup XSS...

6.1 CVSS · 7.1 AI score · 0.00716 EPSS
Exploits 0 · References 4
RedhatCVE
added 2020/06/17 4:56 p.m. · 35 views

CVE-2020-12052

A flaw was found in grafana. The software is vulnerable to an annotation popup XSS...

4.3 CVSS · 2.3 AI score · 0.00716 EPSS
Exploits 0 · References 3