835 matches found
CVE-2023-22456
CVE-2023-22456 affects ViewVC, a browser interface for CVS/Subversion repositories. The vulnerability is an cross-site scripting (XSS) flaw that impacts ViewVC versions before 1.2.2 (and 1.1.29). The attack requires the attacker to have commit privileges to a Subversion repository exposed by a tr...
Malicious code in cvs-codestyle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cvs-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f859cf18d15ca2e6fcb2e4d0ed1c41189cca40fe9eb55cc6e82b9eea86ad45a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2292 Malicious code in cvs-codestyle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
FreeBSD-SA-22:13.zlib
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:13.zlib Security Advisory The FreeBSD Project Topic: zlib heap buffer overflow Category: contrib Module: zlib Announced: 2022-08-30 Credits: Evgeny Legerov o...
[SECURITY] Fedora 36 Update: reposurgeon-4.32-3.fc36
Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...
[SECURITY] Fedora 35 Update: reposurgeon-4.31-2.fc35
Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...
[SECURITY] Fedora 36 Update: reposurgeon-4.32-2.fc36
Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...
XXE vulnerability in Jenkins CVS Plugin
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...
GHSA-G9HG-X9C9-7XGR XXE vulnerability in Jenkins CVS Plugin
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...
CSRF vulnerability in Jenkins CVS Plugin
CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...
GHSA-63MW-HP3H-GC77 CSRF vulnerability in Jenkins CVS Plugin
CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...
subversion:1.10 security update
An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system...
Apache Subversion Information Disclosure Vulnerability
Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...
Stored XSS in Jenkins CVS Plugin
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-GHQ2-M3PQ-QF3P Stored XSS in Jenkins CVS Plugin
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins CVS Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A cross-site scripting vulnerability exists in the Jenkins CVS Plugin, which stems from the application not escaping the na...
CVE-2022-29037
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29037
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...