1120 matches found
CVE-2025-68698
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
CVE-2025-68702
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
CVE-2025-68703
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...
CVE-2025-68704
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
CVE-2025-68925
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68925
Summary (CVE-2025-68925): Jervis (net.gleske:jervis) is vulnerable prior to version 2.2 due to a JWT header check omission that fails to enforce the algorithm field (alg) to RS256. The issue allows potential JWT forgery or signature bypass depending on context, as described in multiple sources (e...
CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
PT-2026-2493
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
PT-2026-2497
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...
PT-2026-2494
CVE-2025-68701 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. Thi… https://t.co/yRJFluABgT...
CVE-2020-24578
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...
EUVD-2026-0944
Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code...
CVE-2026-0625
CVE-2026-0625 affects multiple D-Link DSL gateway devices (e.g., DSL-2740R, DSL-2640B, DSL-2780B, DSL-526B). The dnscfg.cgi endpoint permits an unauthenticated remote command injection due to improper sanitization, enabling arbitrary shell commands execution and DNS configuration modification wit...
PT-2026-1338
Name of the Vulnerable Software and Affected Versions D-Link DSL-2640B versions ≤ 1.07 D-Link DSL-2740R versions 1.17 D-Link DSL-2780B versions ≤ 1.01.14 D-Link DSL-526B versions ≤ 2.01 D-Link DSL gateway devices affected versions not specified Description A critical remote code execution RCE...
CVE-2023-53974
Affected software: D-Link DSL-124 ME, firmware 1.00. A configuration file disclosure vulnerability allows unauthenticated attackers to download a full backup containing network credentials and configurations via a crafted POST to the router’s configuration endpoint. Root cause: endpoint misconfig...
D-Link DSL-124 访问控制错误漏洞
The D-Link DSL-124 is an optical cat routing all-in-one from China AUO D-Link. An access control error vulnerability exists in the D-Link DSL-124 ME1.00 version, which stems from a configuration file disclosure issue that could allow an unauthenticated attacker to obtain router settings via a POS...
This Week in Spring - December 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in lovely New Jersey, the Garden State , as I write this and I spent most of the last week in New Orleans. It's been a busy week in the Spring community and beyond and so you know what that means? There's a ton of stuff ...
CVE-2025-59367
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information...
CVE-2025-59367
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information...