64 matches found
CVE-2018-1000198
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document...
CVE-2018-1000190
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
EUVD-2025-198515
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
CVE-2025-0504 affects Black Duck SCA versions prior to 2025.10.0. The root cause is an overly broad configuration of user role permissions: a scoped Project Manager with Global User Read access could access Project Administrator functionalities that should be inaccessible. Consequence: potential ...
Black Duck SCA 安全漏洞
Black Duck SCA is a software composition analysis tool from Black Duck USA. A security vulnerability exists in Black Duck SCA versions prior to 2025.10.0 that stems from an overly broad configuration of user role permissions, which could lead to unauthorized project configuration changes or acces...
PT-2025-47803
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
EUVD-2022-2866
Malicious code in bioql PyPI...
EUVD-2022-1920
Malicious code in bioql PyPI...
EUVD-2022-3630
Malicious code in bioql PyPI...
EUVD-2022-3225
Malicious code in bioql PyPI...
EUVD-2022-52233
Malicious code in bioql PyPI...
CVE-2022-30278
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub'...
CVE-2018-1000191
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2018-1000197
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration...
Black Duck Coverity 跨站脚本漏洞
Black Duck Coverity is a comprehensive static code analysis and software security tool from Black Duck, Inc. It is used to find and fix vulnerabilities, defects and security risks in software. A cross-site scripting vulnerability exists in versions prior to Black Duck Coverity 2024.9.0, which...
SUSE CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...