
914 matches found

CNNVD
added 2022/09/21 12:0 a.m. · 2 views

Jenkins SCM HttpClient Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 6.5 AI score · 0.00536 EPSS
Exploits 0 · References 4

CNNVD
added 2022/09/21 12:0 a.m. · 3 views

Jenkins SCM HttpClient Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...

8.8 CVSS · 7.8 AI score · 0.0038 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/09/21 12:0 a.m. · 4 views

PT-2022-25764 · Jenkins · Jenkins Scm Httpclient Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs, capturing credentia...

8.8 CVSS · 8.4 AI score · 0.0038 EPSS
Exploits 0 · References 6

0day.today
added 2022/09/15 12:0 a.m. · 588 views

Gitea 1.16.6 - Remote Code Execution Exploit

Exploit Title: Gitea Git Fetch Remote Code Execution; Exploit Author: samguy; Vendor Homepage: https://gitea.io; Software Link: https://dl.gitea.io/gitea/1.16.6; Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration...

7.5 CVSS · 0.2 AI score · 0.87678 EPSS
Exploits 8

IBM Security Bulletins
added 2022/09/08 1:2 p.m. · 32 views

Security Bulletin: A vulnerability found in Apache HttpClient which is shipped with IBM® Intelligent Operations Center (CVE-2020-13956)

Summary: A vulnerability found in Apache HttpClient which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-13956...

5.3 CVSS · 6.2 AI score · 0.08665 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/08/30 4:54 p.m. · 24 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary: IBM TRIRIGA Application Platform discloses CVE-2020-13956. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

5.8 CVSS · 6.2 AI score · 0.09254 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/08/30 4:54 p.m. · 38 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary: IBM TRIRIGA Application Platform discloses CVE-2020-13956. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

5.8 CVSS · 6.2 AI score · 0.09254 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2022/08/30 4:42 p.m. · 25 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary: IBM TRIRIGA Application Platform discloses CVE-2020-13956. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

5.3 CVSS · 5.8 AI score · 0.08665 EPSS
Exploits 1 · Affected Software 1

Metasploit
added 2022/08/29 6:2 p.m. · 1457 views

Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility

This module scans for Cisco ASA Clientless SSL VPN (WebVPN) web login portals and performs login brute-force to identify valid credentials. Module Options: msf use auxiliary/scanner/http/ciscoasaclientlessvpn msf auxiliaryciscoasaclientlessvpn show actions ...actions... msf...

7 AI score
Exploits 0

OPENSUSE Linux
added 2022/08/27 12:0 a.m. · 41 views

Security update for nim (important)

openSUSE Security Update: Security update for nim. Announcement ID: openSUSE-SU-2022:10101-1. Rating: important. References: 1175332 1175333 1175334 1181705 1185083 1185084 1185085 1185948 1192712. Cross-References: CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372...

10 CVSS · 6.9 AI score · 0.04205 EPSS
Exploits 7 · References 9

Ubuntu
added 2022/08/08 1:29 p.m. · 55 views

USN-5239-1: HttpClient vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

5.3 CVSS · 7.2 AI score · 0.08665 EPSS
Exploits 1

OSV
added 2022/08/08 1:29 p.m. · 5 views

USN-5239-1 httpcomponents-client vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

5.3 CVSS · 7 AI score · 0.08665 EPSS
Exploits 1 · References 2

OSV
added 2022/08/01 2:15 p.m. · 2 views

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

9.8 CVSS · 5.9 AI score · 0.01157 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/08/01 2:15 p.m. · 2 views

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

9.8 CVSS · 7.4 AI score · 0.01157 EPSS
Exploits 0 · References 2

NVD
added 2022/08/01 2:15 p.m. · 22 views

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

9.8 CVSS · 0.01157 EPSS
Exploits 0 · References 1

Prion
added 2022/08/01 2:15 p.m. · 24 views

Out-of-bounds

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

7.5 CVSS · 8.9 AI score · 0.01157 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/08/01 1:55 p.m. · 25 views

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

9.3 AI score · 0.01157 EPSS
Exploits 0 · References 1

CVE
added 2022/08/01 1:55 p.m. · 115 views

CVE-2022-26437

CVE-2022-26437 affects the httpclient component, with an out-of-bounds write caused by uninitialized data. The described impact is a remote escalation of privilege without extra execution privileges, and exploitation does not require user interaction. Patch reference: WSAP00103831 (Issue ID WSAP0...

9.8 CVSS · 9 AI score · 0.01157 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/08/01 12:0 a.m. · 4 views

PT-2022-17846 · Unknown · Httpclient

Name of the Vulnerable Software and Affected Versions: httpclient, affected versions not specified. Description: The issue is related to an out of bounds write due to uninitialized data in httpclient. This could lead to remote escalation of privilege with no additional execution privileges needed...

9.8 CVSS · 9.1 AI score · 0.01157 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/07/21 12:0 a.m. · 4 views

PT-2022-4408 · Apache · Apache Calcite Avatica Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Apache Calcite Avatica JDBC driver versions prior to 1.22.0. Description: The issue is related to the creation of HTTP client instances based on class names provided via the httpclient impl connection property. The driver does not verify if th...

10 CVSS · 8.3 AI score · 0.02186 EPSS
Exploits 0 · References 14