118 matches found
UBUNTU-CVE-2022-49121
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipphyctlreq and pm8001chipregdevreq add missing calls to pm8001tagfree to free the allocated tag when pm8001mpibuildcmd fails...
UBUNTU-CVE-2022-49084
In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qedebuildskb assumes buildskb always works and goes straight to skbreserve. However, buildskb can fail under memory pressure. This results in a kernel panic because the skb to reserve i...
rpm-ostree bug fix update
An update is available for rpm-ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the OSTree...
openSUSE: Security Advisory for squashfs (SUSE-SU-2023:4591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:4829-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 bsc1217844: - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing 'tan'. - Do not special case the 'sans' font family name. - Fix build failure with...
SUSE-SU-2023:4824-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 bsc1217844: - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing 'tan'. - Do not special case the 'sans' font family name. - Fix build failure with...
GHSA-2WWH-QGH8-W9XW Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery CSRF vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for t...
GHSA-262F-77Q5-RQV6 Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...
GHSA-58RQ-69JP-XC23 Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
GHSA-55Q6-R3HM-7FF4 Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
CVE-2023-43502
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
CVE-2023-43500
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43501
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-43499
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
Cross site scripting
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...