835 matches found
[SECURITY] Fedora 33 Update: subversion-1.14.1-1.fc33
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2324
The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...
PT-2020-15558 · Jenkins · Jenkins Cas Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.16 and earlier Description: The issue allows attackers who can control an agent process to have Jenkins parse a crafted changelog file, using external entities for extraction of secrets from the Jenkins controlle...
Security Bulletin: IBM Cloud Pak for Security (CP4S) is potentially vulnerable to CVS injection (CVE-2020-4627)
Summary IBM Cloud Pak for Security CP4S potentially vulnerable to CVS Injection due to improper data sanitization. The issue has been addressed. Vulnerability Details CVEID: CVE-2020-4627 DESCRIPTION: IBM Cloud Pak for Security CP4S potentially vulnerable to CVS Injection. A remote attacker could...
CVE-2020-4759
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...
Input validation
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...
CVE-2020-4759
CVE-2020-4759 affects IBM FileNet Content Manager 5.5.4 and 5.5.5 via CSV Injection in the ACCE component. Root cause: improper validation of CSV file contents leading to potential remote code execution. Impact: attacker could execute arbitrary commands on vulnerable systems; CVSS base score 7.0–...
CVE-2020-4759
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...
Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2338)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : cvs (EulerOS-SA-2020-2338)
According to the version of the cvs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a...
Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2280)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : cvs (EulerOS-SA-2020-2280)
According to the version of the cvs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4689
CVE-2020-4689 affects IBM Security Guardium 11.2 and is a CVS Injection flaw caused by improper validation of CSV file contents. Remote privileged attackers could execute arbitrary commands on the system. CVSS v3.1 base score 6.8 (MEDIUM) with high impact on confidentiality, integrity, and availa...
Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2020-2128)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Arbitrary Code Execution
CVSis vulnerable to arbitrary code execution. When configured to use SSH for remote repositories, a remote attacker is able to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by -oProxyCommand=id;localhost:/bar...