8436 matches found
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
CVE-2018-1000610
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
Cross site scripting
qutebrowser, starting with v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449), contains a Cross Site Scripting (XSS) vulnerability in the history command and qute://history page: via injected JavaScript code, a website can steal the user's browsing history. This attack appears to be...
libfsntfs information disclosure vulnerability (CNVD-2018-16497)
libfsntfs is a library for accessing the New Technology File System (NTFS). An information disclosure vulnerability exists in the libfsntfs_attribute_read_from_mft function in the libfsntfs_attribute.c file in libfsntfs 2018-04-20 and earlier. An attacker can exploit this vulnerability to obtain...
Code injection
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could...
CVE-2018-12557
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could...
Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)
Summary: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie. Vulnerability Details: CVEID: CVE-2017-1319 DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1993)
Summary Several cookies in QRadar Incident Forensics are missing the secure attribute. This allows attackers with Man in The Middle position access to steal the cookie value by tricking the victim to navigate to the site on an unencrypted connection. Vulnerability Details CVE-ID: CVE-2015-1993...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to session hijacking. (CVE-2015-1994)
Summary: The IBM QRadar Incident Forensics authorization cookie is missing the httponly attribute. Vulnerability Details: CVE-ID: CVE-2015-1994 Description: IBM QRadar Incident Forensics could allow a remote attacker to obtain sensitive information, caused by the failure to set the httponly attribute f...
SUSE-SU-2018:1694-1 Security update for nautilus
This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file bsc1060031...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Exploit
Exploit for linux platform in category local exploits Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...
md4c denial of service vulnerability
md4c is a C-based Markdown (a markup language) parser. A security vulnerability exists in the 'md_build_attribute' function of the md4c.c file in versions of md4c prior to 0.2.6. A remote attacker can exploit this vulnerability to cause a denial of service (segmentation error and application crash) wi...
DEBIAN-CVE-2018-5162
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
Design/Logic Flaw
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...
CVE-2018-5108
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...
CVE-2018-5108
CVE-2018-5108 is a Firefox Blob URL information-leak vulnerability. A Blob URL can violate origin attribute segregation, permitting data exchange between a private browsing context and a normal tab, enabling leakage of private information from the private context. Public documentation notes the a...