Lucene search
K

243 matches found

NVD
NVD
added 2023/07/26 2:15 p.m.23 views

CVE-2023-39156

A cross-site request forgery CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2023/07/26 2:15 p.m.7 views

CVE-2023-39156

A cross-site request forgery CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References2
Prion
Prion
added 2023/07/26 2:15 p.m.28 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

5CVSS5.2AI score0.00255EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/26 1:54 p.m.8 views

CVE-2023-39156

A cross-site request forgery CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

6.7AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2023/07/26 1:54 p.m.243 views

CVE-2023-39156

CVE-2023-39156 is a CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier. The issue arises because the plugin does not require POST requests on a specific HTTP endpoint, allowing an attacker to delete previously created Bazaar SCM tags. Impact is limited to the ability to delete tags; no ...

5.3CVSS5.2AI score0.00255EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/26 1:54 p.m.27 views

CVE-2023-39156

A cross-site request forgery CSRF vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

5.8AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.5 views

Jenkins Bazaar Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.4 views

PT-2023-26813 · Jenkins · Jenkins Bazaar Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bazaar Plugin versions 1.22 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete previously created Bazaar SCM tags. This issue arises because the plugin does not require POST requests fo...

5.3CVSS5AI score0.00255EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2023/07/25 11:8 a.m.17 views

bridalbazaar.com Cross Site Scripting vulnerability OBB-3549212

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/14 12:0 a.m.306 views

Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting

==================================================================================================================================== | Title : Bazaar Social Listing Shopping Web PHP Template v2.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.319 views

Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation

==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.3 views

SUSE CVE-2017-9352

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur...

5.9CVSS6.8AI score0.02907EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.3 views

SUSE CVE-2017-14176

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

4.8CVSS8.4AI score0.05978EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.4 views

SUSE CVE-2018-14368

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long...

5.3CVSS7.6AI score0.03773EPSS
Exploits1References11
Wired Threat Level
Wired Threat Level
added 2022/10/25 10:0 a.m.20 views

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-3411-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.7AI score0.05978EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/13 1:43 a.m.17 views

Bazaar allows remote attackers to execute arbitrary commands via a bzr+ssh URL with initial dash character in hostname

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS7.1AI score0.05978EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/13 1:43 a.m.7 views

GHSA-JJXG-HPM7-G95F Bazaar allows remote attackers to execute arbitrary commands via a bzr+ssh URL with initial dash character in hostname

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

8.8CVSS7.1AI score0.05978EPSS
Exploits0References9
CNVD
CNVD
added 2022/03/23 12:0 a.m.23 views

Digital Bazaar Forge Data Forgery Issue Vulnerability

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

7.5CVSS2.6AI score0.01015EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.20 views

Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

5.3CVSS1.7AI score0.00875EPSS
Exploits0References1
Rows per page
Query Builder