11633 matches found
GHSA-2588-CX6W-6VM6 Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Important: Red Hat Security Advisory: php:8.0 security update
An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
php:8.0 security update
An update is available for php-pear, php-pecl-rrd, php, php-pecl-apcu, libzip, php-pecl-xdebug3, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PH...
RLSA-2022:5468 Important: php:8.0 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34780
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
PT-2022-22332 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins XebiaLabs XL Release Plugin, allowing attackers with Overall/Read permission to connect to an...
Tenable SecurityCenter 5.19.x / 5.20.x / 5.21.0 Multiple Vulnerabilities (TNS-2022-14)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.19.x, 5.20.x, or 5.21.0 and is therefore affected by multiple vulnerabilities: - The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an...
ALSA-2022:5468 ALSA-2022:5468: php:8.0 security update (Important)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CLSA-2022-1656447241 Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
CVE-2022-26377: modproxyajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in apstrcmpmatch - CVE-2022-31813: modproxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded- headers correctly...
Cross-Site Request Forgery in Jenkins EasyQA Plugin
A cross-site request forgery CSRF vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...