1048 matches found
CVE-2020-2191
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
PT-2020-15406 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: A cross-site request forgery issue allows attackers to add or remove agent labels. The Swarm Plugin adds API endpoints to manage agent labels, but in...
PT-2020-15405 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: The issue concerns the lack of permission checks on API endpoints that allow adding and removing agent labels. This allows users with Agent/Create...
Shopify: Ability to generate shipping labels in another store orders
Details A shop owner creating a session on its own store on https://mailbox.shopifycloud.com/ service can craft request to print labels on another store he doesn't have access to. Steps to reproduce 1. Go to an unfulfilled order and click on Create a shipping label 2. Copy the CURL request that i...
DRUPAL-CONTRIB-2020-015
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently sanitize Webform labels nor visibility conditions under the scenario of placing a block. When a webform block is placed and visible on a website any JavaScript code contained within the webform's label w...
evolution security and bug fix update
evolution 3.28.5-12 - Add patch for RH bug 1778799 New Mail account wizard ignores email address change 3.28.5-11 - Update patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar 3.28.5-10 - Add patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar - Add patch for RH bug...
P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting
!-- C...
Denial Of Service (DoS)
mcstrans is vulnerable to Denial Of Service DoS. An algorithmic complexity weakness was found in the way the mcstrans daemon handled ranges of compartments in sensitivity labels. A local user could trigger this flaw causing mctransd to temporarily stop responding to other requests; a partial deni...
EulerOS Virtualization for ARM 64 3.0.6.0 : libidn2 (EulerOS-SA-2020-1338)
According to the version of the libidn2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels ...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
Cross site scripting
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
CVE-2020-2161
CVE-2020-2161 affects Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier. It is a stored XSS cause by improper escaping of node labels shown in the form validation for label expressions on job configuration pages. The underlying issue is the failure to properly sanitize user-supplied node lab...
Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve...
PT-2020-5054 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier Jenkins LTS versions 2.204.5 and earlier Description: The issue arises from the improper escaping of node labels shown in the form validation for label expressions on job configuration pages, resulting in a...
CVE-2020-6072
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...
DEBIAN-CVE-2020-6072
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...
UBUNTU-CVE-2020-6071
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...