7 matches found
CGA-CFG4-2GC2-9PGM
Bulletin has no description...
iccDEV 输入验证错误漏洞
iccDEV is an open source color configuration code base from the International Color Consortium. An input validation error vulnerability exists in versions of iccDEV prior to 2.3.1.2 that stems from the presence of an undefined behavior runtime error...
CVE-2019-10345
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Impact IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even without possessing the private key for signing proof tokens. Note that this only...
Missing Authorization in Jenkins Configuration as Code Plugin
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
vBulletin Remote Command Execution Vulnerability (CNVD-2019-42750)
vBulletin is the United States InternetBrands and vBulletinSolutions, Inc. of a PHP and MySQL-based open source Web forum program . A remote command execution vulnerability exists in vBulletin versions 5.x through 5.5.4, which can be exploited by an attacker to execute commands with the help of t...
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...