346 matches found
CVE-2022-43434
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43433
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
PT-2022-26918 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.20 and earlier Description: The issue allows cross-site scripting XSS attacks by users with the ability to control files in workspaces, archived artifacts, etc. This is because the...
PT-2022-26037 · Relatedcode · Relatedcode'S Messenger
Name of the Vulnerable Software and Affected Versions: Relatedcode's Messenger version 7bcd20b Description: The issue allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate...
CVE-2022-1805
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...
Code injection
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...
CVE-2022-1805
CVE-2022-1805 describes a MITM risk in Teradici PCoIP Zero Clients when connecting to Amazon Workspaces: the SHA256 presented by the AWS Connection Configurator is not fully verified by the Zero Client, allowing potential interception between the Zero Client and the AWS session provisioner. The i...
CVE-2022-1805
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...
Teradici PCoIP Zero Clients 信任管理问题漏洞
Teradici PCoIP Zero Clients is an ultra-secure endpoint from Teradici Canada. It uses a highly integrated, specialized processor to transmit pixels, not data, to the user's desktop. A trust management issue vulnerability exists in Teradici PCoIP Zero Clients Firmware version 22.01.5, 22.04.1 and...
PT-2022-14126 · Teradici · Pcoip Zero Client
Name of the Vulnerable Software and Affected Versions: PCoIP Zero Client affected versions not specified Description: The issue arises when connecting to Amazon Workspaces, as the SHA256 presented by the AWS connection provisioner is not fully verified by Zero Clients. This could be exploited by ...
Malicious code in workspaces_api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f6a19cbcf5e87f030986907a617618f131ae53ae924cff5278b008371bb49c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arm-workspaces (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f839c7c5f392665a6fb4514cbac04fe8c2bb1e2d6634d091fc7cccfdae80d498 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1120 Malicious code in arm-workspaces (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f839c7c5f392665a6fb4514cbac04fe8c2bb1e2d6634d091fc7cccfdae80d498 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1296 Malicious code in azure-arm-workspaces-samples-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 306ff4b6fffa361d81e979b5ef2a337379a04e79ef23b632170418748925c574 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-arm-workspaces-samples-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fdf3e3810b11986993e1ee312d73c2be2e122399ae83f6c577f58853782c50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...