
664 matches found

RedHat Linux
added 2020/06/17 10:38 p.m. | 5 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8 | AI score 5.8 | EPSS 0.01257
Exploits 0 | References 5

RedhatCVE
added 2020/04/09 10:33 a.m. | 33 views

CVE-2019-1003005

A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...

CVSS 8.8 | AI score 0.9 | EPSS 0.98428
Exploits 17 | References 4

OpenVAS
added 2020/03/15 12:0 a.m. | 18 views

Fedora: Security Advisory for python3-typed_ast (FEDORA-2020-9b3dabc21c)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.5 | EPSS 0.03255
Exploits 0 | References 2

Fedora
added 2020/03/14 12:25 a.m. | 19 views

[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30

A fork of the ast module with type annotations. This package is based on the ast modules from Python 2 and 3, and has been extended with support for type comments and type annotations as supported in Python 3.6...

CVSS 7.5 | AI score 1.8 | EPSS 0.03255
Exploits 0

Amazon
added 2020/03/09 12:0 a.m. | 74 views

Important: tomcat

Issue Overview: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CVE-2018-8034 The URL pattern of "" the empty string which...

CVSS 9.8 | AI score 8.7 | EPSS 0.9927
Exploits 46

OSV
added 2020/02/14 6:15 p.m. | 2 views

CVE-2020-8857

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 7.8 | AI score 7.5 | EPSS 0.05931
Exploits 0 | References 2

NVD
added 2020/02/12 3:15 p.m. | 19 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8 | AI score 8.6 | EPSS 0.01257
Exploits 0 | References 2

Prion
added 2020/02/12 3:15 p.m. | 17 views

Design/Logic Flaw

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 6.5 | AI score 8.5 | EPSS 0.01257
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/02/12 2:35 p.m. | 17 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

AI score 8.6 | EPSS 0.01257
Exploits 0 | References 2

Positive Technologies
added 2020/02/12 12:0 a.m. | 2 views

PT-2020-15317 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.69 and earlier Description: The issue allows sandbox protection to be circumvented during the script compilation phase. This can be achieved by applying AST transforming annotations to imports or by...

CVSS 8.8 | AI score 8.6 | EPSS 0.01257
Exploits 0 | References 6

Check Point Advisories
added 2020/02/02 12:0 a.m. | 10 views

Foxit Reader Annotations Point Use After Free (CVE-2018-9958)

A use-after-free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of an annotation object. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 3.9 | EPSS 0.63313
Exploits 13

OpenVAS
added 2020/01/09 12:0 a.m. | 24 views

Fedora Update for jackson-annotations FEDORA-2019-cf87377f5f

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 10 | EPSS 0.10676
Exploits 1 | References 2

OpenVAS
added 2020/01/09 12:0 a.m. | 32 views

Fedora Update for jackson-annotations FEDORA-2019-99ff6aa32c

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.3 | EPSS 0.45205
Exploits 4 | References 2

CNVD
added 2020/01/07 12:0 a.m. | 2 views

IceWarp WebMail Server Cross-Site Scripting Vulnerability (CNVD-2020-02978)

IceWarp WebMail Server is a Web-based mail server product from the U.S. company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in object annotations in IceWarp WebMail Server version 12.2.0 and...

CVSS 5.4 | AI score 6.3 | EPSS 0.00602
Exploits 2 | References 1

CNVD
added 2020/01/07 12:0 a.m. | 2 views

GitLab Information Disclosure Vulnerability (CNVD-2020-01234)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...

CVSS 4.3 | AI score 6.2 | EPSS 0.00658
Exploits 0 | References 1

Fedora
added 2019/10/26 5:30 p.m. | 41 views

[SECURITY] Fedora 31 Update: jackson-databind-2.10.0-1.fc31

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

CVSS 9.8 | AI score 2.5 | EPSS 0.10676
Exploits 1

Fedora
added 2019/10/26 5:30 p.m. | 44 views

[SECURITY] Fedora 31 Update: jackson-annotations-2.10.0-1.fc31

Core annotations used for value types, used by Jackson data-binding package...

CVSS 9.8 | AI score 2.2 | EPSS 0.10676
Exploits 1

Fedora
added 2019/10/12 12:29 a.m. | 49 views

[SECURITY] Fedora 30 Update: jackson-annotations-2.10.0-1.fc30

Core annotations used for value types, used by Jackson data-binding package...

CVSS 9.8 | AI score 2.2 | EPSS 0.10676
Exploits 1

OpenVAS
added 2019/10/12 12:0 a.m. | 38 views

Fedora Update for jackson-annotations FEDORA-2019-b171554877

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 10 | EPSS 0.10676
Exploits 1 | References 2

Tenable Nessus
added 2019/10/07 12:0 a.m. | 73 views

Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)

Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has...

CVSS 9.8 | AI score 6.9 | EPSS 0.45205
Exploits 4 | References 6