
Github Security Blog
added 2024/10/04 8:31 p.m., 59 views

cookie accepts cookie name, path, and domain with out of bounds characters

Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize"userName=alert'XSS3'; Max-Age=2592000; a", value would result in "userName=alert'XSS3'; Max-Age=2592000; a=test", setting userName cookie to and ignoring value. ...

CVSS 6.9 | AI score 7 | EPSS 0.00749
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/10/04 7:9 a.m., 22 views

BIT-JENKINS-2024-47803

Jenkins LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

CVSS 4.3 | AI score 5.6 | EPSS 0.0084
Exploits 0 | References 2
Citrix
added 2024/10/04 12:0 a.m., 7 views

App Layering - Changes to Scheduled Tasks do not show up on the layered image

Making changes to an existing scheduled task will not be reflected on the published image. Adding a version to the layer shows the old values and not the changes...

AI score 7
Exploits 0
CNNVD
added 2024/10/04 12:0 a.m., 7 views

cookie security vulnerability

cookie is an HTTP server cookie parsing and serialization library open-sourced by jshttp. A security vulnerability exists in versions prior to cookie 0.7.0: it allows an attacker to set other fields of a cookie by manipulating the cookie name, resulting in...

CVSS 6.9 | AI score 7.5 | EPSS 0.00749
Exploits 0 | References 4
OSV
added 2024/10/03 7:15 p.m., 4 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

CVSS 8 | AI score 5.9 | EPSS 0.01407
Exploits 1 | References 2
OSV
added 2024/10/03 6:22 p.m., 5 views

CLSA-2024-1727979765 python3.9: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

CVSS 7.5 | AI score 6.7 | EPSS 0.02303
Exploits 3 | References 1
OSV
added 2024/10/03 2:10 p.m., 8 views

USN-7053-1 imagemagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These...

CVSS 9.8 | AI score 7 | EPSS 0.04352
Exploits 23 | References 26
Ubuntu
added 2024/10/03 2:10 p.m., 21 views

USN-7053-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These...

CVSS 9.8 | AI score 7 | EPSS 0.04352
Exploits 23
SUSE Linux
added 2024/10/03 12:3 p.m., 1 view

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076 CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. bsc1230075 CVE-2024-45618: Uninitialized values after incorrect or missing...

CVSS 3.9 | AI score 7.9 | EPSS 0.00355
Exploits 0 | References 30
OSV
added 2024/10/02 6:31 p.m., 27 views

GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

CVSS 5.3 | AI score 7.5 | EPSS 0.00583
Exploits 0 | References 2
Github Security Blog
added 2024/10/02 6:31 p.m., 30 views

Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

CVSS 7.5 | AI score 6.9 | EPSS 0.00583
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2024/10/02 5:0 p.m., 16 views

CVE-2024-47803

A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 5.3 | AI score 6.2 | EPSS 0.0084
Exploits 0 | References 4
OSV
added 2024/10/02 4:15 p.m., 14 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 | AI score 7.6
Exploits 0 | References 1
NVD
added 2024/10/02 4:15 p.m., 41 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 | EPSS 0.00583
Exploits 0 | References 1
NVD
added 2024/10/02 4:15 p.m., 18 views

CVE-2024-47803

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

CVSS 4.3 | EPSS 0.0084
Exploits 0 | References 1
OSV
added 2024/10/02 4:15 p.m., 19 views

CVE-2024-47803

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

CVSS 4.3 | AI score 4.6
Exploits 0 | References 1
Cvelist
added 2024/10/02 3:35 p.m., 40 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

EPSS 0.00583
Exploits 0 | References 1
CVE
added 2024/10/02 3:35 p.m., 130 views

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

CVSS 7.5 | AI score 7 | EPSS 0.00583
Exploits 0 | References 1 | Affected Software 1
AlpineLinux
added 2024/10/02 3:35 p.m., 3 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 | AI score 7.3 | EPSS 0.00583
Exploits 0 | References 1
CNNVD
added 2024/10/02 12:0 a.m., 6 views

Jenkins security vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.478 and earlier and LTS 2.462.2 and earlier, which stems from not redacting...

CVSS 4.3 | AI score 6.7 | EPSS 0.0084
Exploits 0 | References 4