Lucene search
K

835 matches found

CVE
CVE
added 2023/01/03 6:29 p.m.69 views

CVE-2023-22456

CVE-2023-22456 affects ViewVC, a browser interface for CVS/Subversion repositories. The vulnerability is an cross-site scripting (XSS) flaw that impacts ViewVC versions before 1.2.2 (and 1.1.29). The attack requires the attacker to have commit privileges to a Subversion repository exposed by a tr...

6.1CVSS5.8AI score0.00694EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/11/22 11:7 a.m.4 views

Malicious code in cvs-codestyle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/11/22 11:7 a.m.2 views

Malicious code in cvs-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f859cf18d15ca2e6fcb2e4d0ed1c41189cca40fe9eb55cc6e82b9eea86ad45a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/11/22 11:7 a.m.12 views

MAL-2022-2292 Malicious code in cvs-codestyle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
FreeBSD Advisory
FreeBSD Advisory
added 2022/08/30 12:0 a.m.28 views

FreeBSD-SA-22:13.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:13.zlib Security Advisory The FreeBSD Project Topic: zlib heap buffer overflow Category: contrib Module: zlib Announced: 2022-08-30 Credits: Evgeny Legerov o...

9.8CVSS7.2AI score0.1593EPSS
Exploits1
Fedora
Fedora
added 2022/07/31 1:37 a.m.14 views

[SECURITY] Fedora 36 Update: reposurgeon-4.32-3.fc36

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

0.5AI score
Exploits0
Fedora
Fedora
added 2022/07/20 1:40 a.m.13 views

[SECURITY] Fedora 35 Update: reposurgeon-4.31-2.fc35

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

0.5AI score
Exploits0
Fedora
Fedora
added 2022/07/13 2:0 a.m.30 views

[SECURITY] Fedora 36 Update: reposurgeon-4.32-2.fc36

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

9.3CVSS0.5AI score0.05335EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2022/05/24 5:35 p.m.28 views

XXE vulnerability in Jenkins CVS Plugin

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...

7.5CVSS7.2AI score0.01342EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:35 p.m.18 views

GHSA-G9HG-X9C9-7XGR XXE vulnerability in Jenkins CVS Plugin

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...

7.5CVSS7.5AI score0.01342EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:17 p.m.17 views

CSRF vulnerability in Jenkins CVS Plugin

CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...

4.3CVSS5.1AI score0.44464EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:17 p.m.25 views

GHSA-63MW-HP3H-GC77 CSRF vulnerability in Jenkins CVS Plugin

CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...

4.3CVSS4.6AI score0.44464EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2022/05/12 1:15 p.m.30 views

subversion:1.10 security update

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system...

7.5CVSS7.9AI score0.09254EPSS
Exploits0
CNVD
CNVD
added 2022/04/15 12:0 a.m.6 views

Apache Subversion Information Disclosure Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...

4.3CVSS2.7AI score0.02788EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.28 views

Stored XSS in Jenkins CVS Plugin

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.00662EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/13 12:0 a.m.24 views

GHSA-GHQ2-M3PQ-QF3P Stored XSS in Jenkins CVS Plugin

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00662EPSS
Exploits0References4
CNVD
CNVD
added 2022/04/13 12:0 a.m.22 views

Jenkins CVS Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A cross-site scripting vulnerability exists in the Jenkins CVS Plugin, which stems from the application not escaping the na...

5.4CVSS0.7AI score0.00662EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.2 views

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00662EPSS
Exploits0References2
OSV
OSV
added 2022/04/12 8:15 p.m.4 views

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00662EPSS
Exploits0References1
Prion
Prion
added 2022/04/12 8:15 p.m.24 views

Cross site scripting

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.3AI score0.00662EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder