cookie accepts cookie name, path, and domain with out of bounds characters
Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize"userName=alert'XSS3'; Max-Age=2592000; a", value would result in "userName=alert'XSS3'; Max-Age=2592000; a=test", setting userName cookie to and ignoring value. ...
BIT-JENKINS-2024-47803
Jenkins LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...
App Layering - Changes to Scheduled Tasks do not show up on the layered image
Making changes to an existing scheduled task will not be reflected on the published image. Adding a version to the layer shows the old values and not the changes...
cookie security vulnerability
cookie is an HTTP server cookie parsing and serialization library open-sourced by jshttp. A security vulnerability exists in versions prior to cookie 0.7.0: an attacker can set other fields of a cookie by manipulating the cookie name, resulting in...
CVE-2024-41592
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...
CLSA-2024-1727979765 python3.9: Fix of 2 CVEs
CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...
USN-7053-1 imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These...
Security update for opensc
This update for opensc fixes the following issues: CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076 CVE-2024-45619: Incorrect handling of the length of buffers or files in libopensc. bsc1230075 CVE-2024-45618: Uninitialized values after incorrect or missing...
GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...
CVE-2024-47803
A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2024-47803
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...
CVE-2024-47805
CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...
Jenkins security vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.478 and earlier and LTS 2.462.2 and earlier, which stems from not redacting...