8010 matches found

Github Security Blog
added 2022/05/13 1:30 a.m. | 30 views

Jenkins CLI Deserialization of Untrusted Data vulnerability

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...

CVSS 9.8 | AI score 9.8 | EPSS 0.86829
Exploits: 12 | References: 16 | Affected software: 1
Github Security Blog
added 2022/05/13 1:30 a.m. | 5 views

Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 6.7 | EPSS 0.02272
Exploits: 0 | References: 6 | Affected software: 1
OSV
added 2022/05/13 1:30 a.m. | 2 views

GHSA-3J9C-CP7M-8W8G Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 6.9 | AI score 7.3 | EPSS 0.02272
Exploits: 0 | References: 6
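The two XXE entries above describe one bug: create-job stores a job configuration containing an external entity declaration, and a later XML-aware consumer (get-job, update-job) expands the entity and returns the referenced file's contents to the caller. The following is an added example, not Jenkins code, that reproduces the pattern with plain JAXP: a DocumentBuilder with default settings resolves the entity, while one configured to reject DOCTYPE declarations (and, as a fallback, external entities and DTD loading) refuses the same document. The sample config.xml, the entity target file:///etc/hostname and the class and method names are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeDemo {
    // Constructed sample job config: the <description> element expands an external entity
    // that points at a local file (the target path is an assumption for the demo).
    static final String CONFIG =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE project [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
      + "<project><description>&xxe;</description></project>";

    // Vulnerable pattern: JAXP defaults honour DOCTYPE and resolve external entities.
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened pattern: refusing DOCTYPE altogether closes every entity-based attack at once.
    // The remaining settings are defence in depth for parsers that ignore the first feature.
    static DocumentBuilder safeBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Reads the job description the way an "XML-aware tool" would when echoing the config back.
    static String description(DocumentBuilder b, String xml) throws Exception {
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getElementsByTagName("description").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // With the default parser the description now carries the contents of /etc/hostname.
        System.out.println("unsafe: " + description(unsafeBuilder(), CONFIG).trim());
        try {
            description(safeBuilder(), CONFIG);
        } catch (SAXParseException e) {
            // Expected: the DOCTYPE is rejected before any entity can be resolved.
            System.out.println("safe: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The decisive control is the disallow-doctype-decl feature: it removes the entire DTD surface rather than trying to enumerate entity types. If a consumer genuinely needs DTDs, the remaining features and the empty ACCESS_EXTERNAL_* properties are the minimum, but note that entity expansion attacks on the internal subset (billion laughs) are then still reachable and must be bounded separately.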
Github Security Blog
added 2022/05/13 1:12 a.m. | 32 views

Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability

Withdrawn Advisory. This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description: A flaw was found in the /oauth/token/request custom...

CVSS 6.3 | AI score 7 | EPSS 0.00669
Exploits: 0 | References: 7 | Affected software: 1
OSV
added 2022/05/13 1:01 a.m. | 2 views

GHSA-26WC-3WQP-G3RP Deserialization of Untrusted Data in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 9.8 | AI score 7.6 | EPSS 0.99686
Exploits: 36 | References: 10
Github Security Blog
added 2022/05/13 1:01 a.m. | 41 views

Deserialization of Untrusted Data in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 9.8 | AI score 3.4 | EPSS 0.99686
Exploits: 36 | References: 10 | Affected software: 1
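The first Jenkins CLI entry on this page (crafted serialized object, commons-collections gadget chain) and the two SignedObject entries directly above share one root cause: the CLI endpoint hands attacker-supplied bytes to ObjectInputStream, which will instantiate any serializable class on the classpath and run its readObject() before the application sees the result. The following is an added example, not Jenkins code and not a description of how Jenkins fixed either bug, showing the general mitigation in plain Java: a JEP 290 ObjectInputFilter (Java 9+) that allow-lists the one message type the endpoint expects and rejects everything else before its readObject() can execute. The CliRequest and Unexpected classes are constructed stand-ins; a real gadget would do damage in readObject(), the stand-in only records that it ran.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationFilterDemo {
    // Constructed stand-in for the single message type the CLI endpoint is meant to accept.
    public static final class CliRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String command;
        CliRequest(String command) { this.command = command; }
    }

    // Constructed stand-in for a class the endpoint never expects. Its readObject() stands in
    // for a gadget chain: if it runs, the attacker already has code execution.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean readObjectRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Vulnerable pattern: whatever class the stream names gets instantiated.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: an allow-list filter. Only CliRequest and JDK core types pass; anything
    // else, and any stream that is too deep or too large, is rejected before readObject() runs.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = info -> {
            if (info.depth() > 5 || info.streamBytes() > 4096) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                return ObjectInputFilter.Status.UNDECIDED; // limit-only check, no class involved
            }
            return (c == CliRequest.class || c.getName().startsWith("java."))
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new CliRequest("list-jobs"));
        byte[] hostile  = serialize(new Unexpected());

        // Unfiltered: the expected message works, but so does the unexpected class.
        System.out.println("unfiltered, expected: " + ((CliRequest) readUnfiltered(expected)).command);
        readUnfiltered(hostile);
        System.out.println("unfiltered, unexpected: readObject ran = " + Unexpected.readObjectRan);

        // Filtered: the expected message still works; the unexpected class is rejected
        // with InvalidClassException before its readObject() executes.
        Unexpected.readObjectRan = false;
        System.out.println("filtered, expected: " + ((CliRequest) readFiltered(expected)).command);
        try {
            readFiltered(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected: rejected, readObject ran = " + Unexpected.readObjectRan);
        }
    }
}
```

The filter is a per-stream setting here so the example is self-contained; in a service you would normally install it process-wide with the jdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter so that no code path can forget it. The allow-list for java.* is deliberately broad for the demo; a production filter should name the exact JDK types the message graph uses, since several historical gadget chains live entirely in JDK classes.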
Tenable Nessus
added 2022/05/13 12:00 a.m. | 49 views

Cisco Firepower Threat Defense Software Command Injection (cisco-sa-ftd-cmdinject-FmzsLN8)

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of...

CVSS 6.7 | AI score 8.4 | EPSS 0.00262
Exploits: 0 | References: 5
RubySec
added 2022/05/13 12:00 a.m. | 15 views

hammer_cli_foreman Improper Certificate Validation vulnerability

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verifyssl flag for apipie-bindings, which disables it by default. As a result, server certificates are not checked and connections are prone to man-in-the-middle attacks...

CVSS 8.1 | AI score 3.1 | EPSS 0.00726
Exploits: 0 | References: 1 | Affected software: 1
Tenable Nessus
added 2022/05/11 12:00 a.m. | 50 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2022-017)

The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2022-017 advisory. A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a...

CVSS 7.5 | AI score 7.4 | EPSS 0.02693
Exploits: 3 | References: 7
AlmaLinux
added 2022/05/10 2:59 p.m. | 28 views

osbuild-composer bug fix and enhancement update

The osbuild-composer package is a service for building customized OS artifacts, such as virtual machine (VM) images and OSTree commits. Apart from building images for local use, it can also upload images directly to the cloud. The package is compatible with the composer-cli and cockpit-composer clients...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2022/05/10 8:14 a.m. | 7 views

ALBA-2022:2059 nvme-cli bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8
Exploits: 0 | References: 1
Rockylinux
added 2022/05/10 8:14 a.m. | 21 views

nvme-cli bug fix and enhancement update

An update is available for nvme-cli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...

AI score 2
Exploits: 0
AlmaLinux
added 2022/05/10 8:14 a.m. | 16 views

nvme-cli bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8
Exploits: 0 | References: 1
Rockylinux
added 2022/05/10 8:04 a.m. | 43 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

CVSS 5.3 | AI score 6.2 | EPSS 0.08665
Exploits: 1
RedHat Linux
added 2022/05/09 7:48 a.m. | 38 views

Low: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.22.0

Release of OpenShift Serverless Client kn 1.22.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 | AI score 6.7 | EPSS 0.04372
Exploits: 0 | References: 8
Tenable Nessus
added 2022/05/09 12:00 a.m. | 43 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2022-0020)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization...

CVSS 6 | AI score 7.5 | EPSS 0.01663
Exploits: 1 | References: 3
CNVD
added 2022/05/08 12:00 a.m. | 19 views

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2022-50945)

Fortinet FortiOS is a dedicated security operating system for the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS versions 6.4.8 and earlier and 7.0.3 and earlier are vulnerable to an access control error that could be exploited by an authenticated attacker with a...

CVSS 6.3 | AI score 2.2 | EPSS 0.00528
Exploits: 0 | References: 1
OpenVAS
added 2022/05/08 12:00 a.m. | 13 views

Fedora: Security Advisory for golang-github-spf13-cobra (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 10 | EPSS 0.03931
Exploits: 0 | References: 2
Fedora
added 2022/05/07 5:06 a.m. | 33 views

[SECURITY] Fedora 36 Update: golang-github-spf13-cobra-1.4.0-2.fc36

Cobra is a library providing a simple interface to create powerful modern CLI interfaces similar to git & go tools. Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application. Cobra provides: - Easy subcommand-based CLIs: app server,...

CVSS 7.5 | AI score 10 | EPSS 0.03931
Exploits: 0
Fedora
added 2022/05/07 5:06 a.m. | 25 views

[SECURITY] Fedora 36 Update: golang-github-appc-docker2aci-0.17.2-8.fc36

Docker2aci is a small library and CLI binary that converts Docker images to ACI. It takes as input either a file generated by "docker save" or a Docker registry URL. It gets all the layers of a Docker image and squashes them into an ACI image. Optionally, it can generate one ACI for each layer,...

CVSS 7.5 | AI score 9.2 | EPSS 0.03931
Exploits: 0