Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker. The Citrix products...
SSB-DB Information Disclosure Vulnerability
SSB-DB is a security information storage plug-in. An information disclosure vulnerability exists in SSB-DB version 20.0.0, which stems from the 'get' method that can decrypt any message and can be exploited by an attacker to access private data...
CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...
CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2191
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2192
The CVE-2020-2192 entry covers a CSRF vulnerability in Jenkins Swarm Plugin (Self-Organizing Swarm Plug-in Modules) up to version 3.20. The issue arises because the plugin exposes API endpoints that add or remove agent labels and, in 3.20 and earlier, do not perform regular permission checks or r...
CVE-2020-2191
CVE-2020-2191 concerns Jenkins Self-Organizing Swarm Plug-in Modules Plugin (3.20 and earlier). The root issue is missing permission checks on API endpoints that add or remove agent labels, allowing users with limited rights to perform label modifications. The vulnerability’s documented impact is...
Foxit PhantomPDF U3DBrowser U3D file parsing out-of-bounds read vulnerability (CNVD-2020-24457)
Foxit PhantomPDF is a PDF document reader from China's Foxit. Foxit 3D Plugin is a 3D plug-in from Foxit for use in the PDF document reader. A security vulnerability exists in Foxit PhantomPDF when processing U3D objects in PDF files. The vulnerability stems from the program failing t...
Out-of-bounds read vulnerability in ve*** data parsing in Foxit PDF Reader U3D plugin
Foxit PDF Reader is an e-book reader. An out-of-bounds read vulnerability exists in ve data parsing in the Foxit PDF Reader U3D plug-in. An attacker can construct a special PDF file to exploit the vulnerability and execute code in the current application context...
The vulnerability of the Server:Audit Plug-in component of the MySQL database management system allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Server:Audit Plug-in component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted network...
Same-Origin Policy Bypass
Firefox is vulnerable to a same-origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Arbitrary Code Execution
spice-xpi is vulnerable to arbitrary code execution. An uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or...
Man-in-the-middle
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to a man-in-the-middle attack. A race condition was found in the way the SPICE Mozilla Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...
Access Control Bypass
Dovecot is vulnerable to access control bypass. A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions...
Privilege Escalation
Dovecot is vulnerable to privilege escalation. A flaw was found in the Dovecot ACL plug-in. A user with only insert permissions for a mailbox could use the "COPY" and "APPEND" commands to set additional message flags...