1285 matches found
CVE-2020-2219
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2219
CVE-2020-2219 concerns the Jenkins Link Column Plugin (versions 1.0 and earlier). The issue is a stored cross-site scripting (XSS) vulnerability where links created by users with View/Configure permission are not filtered, allowing the javascript: scheme to be executed. The affected component is ...
PT-2020-15435 · Jenkins · Jenkins Link Column Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Link Column Plugin versions 1.0 and earlier Description: The issue concerns a stored cross-site scripting vulnerability. It allows users with View/Configure permission to create links that can execute JavaScript code due to the lack o...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
CVE-2020-12245
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
jenkins: improperly processes HTML content of list leads to XSS
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...
UBUNTU-CVE-2018-18624
Grafana 5.3.1 has XSS via a column style on the "Dashboard Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099...
CVE-2019-15083
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...
Android Security Bulletin—May 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
UBUNTU-CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
A vulnerability in the sqlite3ExprCodeTarget function of the SQLite database management system, related to a NULL pointer assignment, allows an attacker to cause a service failure.
The vulnerability in the sqlite3ExprCodeTarget function of the SQLite database management system is related to a column-processing error involving y.pTab. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns
A heap-based buffer overflow was discovered in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
Cross site scripting
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
CVE-2020-2163
CVE-2020-2163 affects Jenkins 2.227 and earlier, and Jenkins LTS 2.204.5 and earlier. The issue is a stored XSS in the HTML content of list view column headers, caused by improper processing. It can be exploited by a user who can control column headers, enabling script execution in a victim’s bro...
CVE-2020-9327
A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application...
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations...