130 matches found
ALPINE-CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...
jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...
jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...
GHSA-V63G-V339-2673 Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
PT-2024-40715 · Git +1 · Xpdf
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which occurs in the GfxFont::readFontDescriptor function. This function is called by...
[SECURITY] Fedora 40 Update: apiguardian-1.1.2-12.fc40
API Guardian indicates the status of an API element and therefore its level of stability as well. It is used to annotate public types, methods, constructors, and fields within a framework or application in order to publish their API status and level of stability and to indicate how they are...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
MGASA-2023-0270 Updated glibc packages fix security and other bugs
getaddrinfo: Fix use after free in getcanonname CVE-2023-4806 Stack read overflow with large TCP responses in no-aaaa mode CVE-2023-4527 elf: Introduce to dlcallfini elf: Do not run constructors for proxy objects elf: Always call destructors in reverse constructor order BZ 30785 elf: Remove unuse...
CVE-2023-32217
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
CVE-2023-32217
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
IdentityIQ 安全漏洞
IdentityIQ is a security software from IdentityIQ, Inc. which provides credit monitoring, identity insurance, and antivirus. IdentityIQ suffers from a security vulnerability that stems from allowing an authenticated user to call a Java constructor without parameters or a Java constructor with a...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
SUSE CVE-2009-1720
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to 1 the Imf::PreviewImage::PreviewImage function and...
SUSE CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...
SUSE CVE-2013-1670
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...