63 matches found
Design/Logic Flaw
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
CVE-2023-39070
CVE-2023-39070 affects cppcheck (2.12 dev) with a local arbitrary-code execution via removeContradiction in token.cpp:1934, caused by a heap use-after-free. Several advisories confirm a fixed heap use-after-free and reference upgraded packages (e.g., openSUSE SUSE openSUSE-SU-2023:0413-1, patch t...
Cppcheck Resource Management Error Vulnerability
Cppcheck is a Sourceforge open source static code analysis tool for the C and C ++ programming languages. A security vulnerability exists in Cppcheck version 2.12, which stems from a vulnerability that allows an attacker to execute arbitrary code via the removeContradiction parameter in...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
kernel: tools/power turbostat: Fix file pointer leak
In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an open file pointer. Fix this by fclosing the file before the return. Detected using static analysis with cppcheck:...
kernel: tools/power turbostat: Fix file pointer leak
In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an open file pointer. Fix this by fclosing the file before the return. Detected using static analysis with cppcheck:...
Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
GHSA-J927-269R-96XW Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
Cross site scripting
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
PT-2023-2075 · Cppcheck · Cppcheck
Name of the Vulnerable Software and Affected Versions: Cppcheck affected versions not specified Description: The issue is related to the findGarbageCode function in the Cppcheck static analyzer, which is vulnerable to a memory access out of bounds when concatenating strings using std::operator+...
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
CVE-2023-28678
The CVE-2023-28678 entry concerns Jenkins Cppcheck Plugin, versions 1.26 and earlier. The root cause is that the plugin does not escape file names in Cppcheck report files before displaying them in the Jenkins UI, enabling a stored XSS vulnerability when an attacker controls report contents. Repo...
PT-2023-21897 · Jenkins · Jenkins Cppcheck Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cppcheck Plugin versions 1.26 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape file names from Cppcheck report files before showing them on t...
Jenkins Plugins Cppcheck 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
ALBA-2021:4523 cppcheck bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...