835 matches found
CVE-2022-29037
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29037
CVE-2022-29037 affects Jenkins CVS Plugin, versions 2.19 and earlier. Root cause: the plugin does not escape the name/description of CVS Symbolic Name parameters on parameter-views, causing stored XSS. Exploitation requires Item/Configure permission; no exploitation details or patches are provide...
CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Archive Enterprise Edition EE. The below fix package includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...
CVE-2021-43806
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...
CVE-2021-43806
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...
Sql injection
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...
CVE-2021-43806 SQL injection in Tuleap
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with...
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...
CVE-2021-41155
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...
CVE-2021-41155
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...
CVE-2021-41155
CVE-2021-41155 affects Tuleap: SQL injection in the CVS revisions browser due to improper input sanitization. Affected fixes are Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, and Tuleap Enterprise Edition 11.16-7. The vulnerability arises when constructing SQL queries ...
CVE-2021-41155 SQL injection in CVS revisions browser
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix:...
Advisory ROSA-SA-2021-1819
Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS 2.16 and earlier plug-in does not configure its XML syntactic parser to prevent attacks on XML external objects XXE. CVE-STATUS: default CVE-REV: default...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones’s medical situation. The glitch i...
SUSE: Security Advisory (SUSE-SU-2012:0311-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2422-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.6 : cvs (EulerOS-SA-2021-1467)
According to the version of the cvs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository...
Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2021-1467)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...