24 matches found
RHCOS 4 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1620 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...
RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...
EUVD-2025-114636
Malicious code in dagda-install-global-library npm...
EUVD-2025-112548
Malicious code in indus-global-library-parcel npm...
MAL-2025-15811 Malicious code in blaze-quantumfoam-nconf-global (npm)
The package blaze-quantumfoam-nconf-global was found to contain malicious code...
CVE-2025-45800
TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cstemodules/global.so library, specifically in the processing of the deviceMac parameter...
TOTOLINK A950RG security vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a command execution vulnerability that stems from improper handling of the deviceMac parameter in the setDeviceName interface in the /lib/cstemodules/global.so...
CLSA-2025-1744368964 openssl: Fix of CVE-2023-2650
Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz2211340...
CVE-2022-48066
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie...
CVE-2021-38736
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via AntGlobal.php...
TOTOLINK EX1200T operating system command injection vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T, which stems from a remote command injection issue in the setDeviceName function of the global.so file, which could be exploited to control the device nam...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...