Lucene search
K

118 matches found

OSV
OSV
added 2025/02/26 7:0 a.m.12 views

UBUNTU-CVE-2022-49121

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipphyctlreq and pm8001chipregdevreq add missing calls to pm8001tagfree to free the allocated tag when pm8001mpibuildcmd fails...

5.5CVSS6.2AI score0.00252EPSS
Exploits0References8
OSV
OSV
added 2025/02/26 7:0 a.m.10 views

UBUNTU-CVE-2022-49084

In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qedebuildskb assumes buildskb always works and goes straight to skbreserve. However, buildskb can fail under memory pressure. This results in a kernel panic because the skb to reserve i...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References10
Rockylinux
Rockylinux
added 2024/10/25 5:17 p.m.9 views

rpm-ostree bug fix update

An update is available for rpm-ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the OSTree...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.26 views

openSUSE: Security Advisory for squashfs (SUSE-SU-2023:4591-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.4AI score0.0691EPSS
Exploits2References2
OSV
OSV
added 2023/12/14 10:5 a.m.6 views

SUSE-SU-2023:4829-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 bsc1217844: - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing 'tan'. - Do not special case the 'sans' font family name. - Fix build failure with...

8.8CVSS7.7AI score0.17823EPSS
Exploits0References4
OSV
OSV
added 2023/12/14 10:2 a.m.10 views

SUSE-SU-2023:4824-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 bsc1217844: - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing 'tan'. - Do not special case the 'sans' font family name. - Fix build failure with...

8.8CVSS7.7AI score0.17823EPSS
Exploits0References4
OSV
OSV
added 2023/09/20 6:30 p.m.22 views

GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery CSRF vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...

4.3CVSS4.8AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2023/09/20 6:30 p.m.30 views

GHSA-262F-77Q5-RQV6 Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...

8CVSS5.4AI score0.00521EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.39 views

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

8.8CVSS6.6AI score0.00406EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.32 views

Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

6.5CVSS6.6AI score0.00504EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.25 views

Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...

5.4CVSS5.6AI score0.00521EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/20 6:30 p.m.35 views

GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

4.3CVSS8.7AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2023/09/20 6:30 p.m.30 views

GHSA-55Q6-R3HM-7FF4 Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

4.3CVSS6.6AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2023/09/20 5:15 p.m.27 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS7AI score0.00339EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.28 views

CVE-2023-43500

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS8.8AI score0.00406EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.38 views

CVE-2023-43501

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.5CVSS6.9AI score0.00504EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 5:15 p.m.21 views

CVE-2023-43499

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

5.4CVSS5.8AI score0.00521EPSS
Exploits0References2
Prion
Prion
added 2023/09/20 5:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS4.6AI score0.00339EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/20 5:15 p.m.25 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

6.8CVSS8.7AI score0.00406EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/20 5:15 p.m.26 views

Cross site scripting

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

4.9CVSS5.2AI score0.00521EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder