329 matches found
GHSA-P479-RWHP-RWJX Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.3 escapes parameter names shown in jo...
GHSA-GP4J-W3VJ-7299 Information Exposure in RunC
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...
Information Exposure in RunC
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...
Ascensio System ONLYOFFICE Document Server 安全漏洞
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in versions 6.1.x through 6.3.0.71 of the Translate plug-in for...
CVE-2021-32829
ZStack is open source IaaSinfrastructure as a service software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution RCE via bypass of the Groovy shell...
SUSE: Security Advisory (SUSE-SU-2016:1785-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Foris Security Vulnerabilities
Turris Foris is a netconf and nuci based device routing application from the Czech organization Turris that can be managed via a web interface. A security vulnerability exists in Foris before 101.1.1 due to the lack of certain HTML escapes in the login template...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
DEBIAN-CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
Code injection
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
CVE-2020-15709
CVE-2020-15709 affects add-apt-repository prior to versions 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1. The issue arises because the PPA description is printed to the terminal as-is, allowing PPA owners to inject ANSI terminal escapes that can modify terminal contents in uni...
CVE-2020-15709
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...
UBUNTU-CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...
CVE-2010-4660
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes...
CVE-2010-4660
CVE-2010-4660 relates to the open‑source micro‑blogging app StatusNet . It describes an SQL injection vulnerability caused by the way addslashes is used in SQL string escapes, affecting StatusNet up through 2010 and prior versions. The connected records confirm a PHP-based issue with database inp...
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft...
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...
RDK CcspWifiAgent Module Command Execution Vulnerability
RDK is a modular, portable, customizable open source IoT software solution from the RDK Management community. ccspWifiAgent is one of the modules that supports WiFi functionality. A security vulnerability exists in the cosawifiapis.c file of the CcspWifiAgent module in RDK version RDKB-20181217-1...
USN-4011-2 jinja2 vulnerabilities
USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbo...