Jenkins Blue Ocean cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Blue Ocean 1.25.3 and earlier...
Cisco IOS XE Software Web Services DoS (cisco-sa-http-dos-svOdkdBS)
According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service vulnerability due to improper resource management in the HTTP server code. An authenticated, remote attacker can exploit this by sending a large number of HTTP requests to an affected device to cause...
Cisco IOS Software Web Services DoS (cisco-sa-http-dos-svOdkdBS)
According to its self-reported version, Cisco IOS is affected by a denial of service vulnerability due to improper resource management in the HTTP server code. An authenticated, remote attacker can exploit this by sending a large number of HTTP requests to an affected device to cause the device t...
Mageia: Security Advisory (MGASA-2022-0180)
The remote host is missing an update for the...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (httpd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Cross Site Request Forgery in Jenkins Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints...
Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1915 advisory. - Resolves: 2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations Tenable has extracted the...
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Summary: IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read ...
CVE-2022-30953
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
GHSA-GG36-9346-9QX9 phpMyAdmin Remote Code Execution
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
phpMyAdmin Remote Code Execution
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
PT-2022-20409 · Jenkins · Jenkins Blue Ocean Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.25.3 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server due to a lack of permission checks in several HTTP endpoints...
Jenkins Blue Ocean Plugin cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Blue Ocean 1.25.3 and earlier...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-3183)
Summary: IBM WebSphere Application Server Liberty is shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Updated golang-github-prometheus-client packages fix security vulnerability
HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...
GHSA-68QQ-3PHH-53J7 mod_cluster Denial of Service vulnerability
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache HTTP Server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element...
F5 Networks BIG-IP : Apache HTTP Server vulnerability (K67090077)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K67090077 advisory. Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discardin...