73 matches found
EUVD-2022-6359
Malicious code in bioql PyPI...
CVE-2015-8031
Hudson aka org.jvnet.hudson.main:hudson-core before 3.3.2 allows XXE attacks...
[SECURITY] Fedora 38 Update: c-ares-1.28.1-1.fc38
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
Cross Site Request Forgery (CSRF)
com.sonyericsson.hudson.plugins.rebuild: rebuilder is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability exists because it does not require POST requests for an HTTP endpoint, which allows an attacker to rebuild a previous build...
thamesandhudsonusa.com Cross Site Scripting vulnerability OBB-3234952
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-27900
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...
[SECURITY] Fedora 37 Update: c-ares-1.19.0-1.fc37
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
SUSE CVE-2014-2059
Directory traversal vulnerability in the CLI job creation hudson/cli/CreateJobCommand.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
SUSE CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
USN-5828-1: Kerberos vulnerabilities
It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2018-20217 Greg Hudson discovered that Kerberos PAC implementation...
hudsonshoes.com Cross Site Scripting vulnerability OBB-3158163
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2015-8031
Hudson aka org.jvnet.hudson.main:hudson-core before 3.3.2 allows XXE attacks...
Design/Logic Flaw
Hudson aka org.jvnet.hudson.main:hudson-core before 3.3.2 allows XXE attacks...
CVE-2015-8031
CVE-2015-8031 affects Hudson (org.jvnet.hudson.main:hudson-core) before 3.3.2, where a flaw in the XML API processing enables XXE/External Entity Injection, potentially exposing sensitive information from the Hudson master filesystem. Multiple sources (NVD, Red Hat, GHSA, CVE pages) corroborate t...
CVE-2015-8031
Hudson aka org.jvnet.hudson.main:hudson-core before 3.3.2 allows XXE attacks...
Hudson code issue vulnerability
Hudson is a news website. A security vulnerability exists in versions of Hudson prior to 3.3.2, which stems from flawed XML API processing that allows access to potentially sensitive information on the Hudson main server file system...
GHSA-J3H2-8MF8-J5R2 Hudson XML API susceptible to External Entity Injection Vulnerability prior to v3.3.2
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server...
au.com.centrumsystems:build-pipeline-plugin (=1.0), ch.ethz.origo:origo-issue-notifier (=1.0) +410 more potentially affected by CVE-2015-8031 via org.jvnet.hudson.main:hudson-core (>=1.100 <=2.2.1)
org.jvnet.hudson.main:hudson-core MAVEN version =1.100, =0.1, =0.1, =4.0.0, =1.0, =4.1.0, =0.1, =0.1, =1.0, =1.1, =1.2 and more Source cves: CVE-2015-8031 Source advisory: OSV:GHSA-J3H2-8MF8-J5R2...
Hudson XML API susceptible to External Entity Injection Vulnerability prior to v3.3.2
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server...
WordPress Download Monitor plugin <= 4.5.9 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability discovered by Thiago Martins, Jorge Buzeti, Leandro Inacio, Lucas de Souza, Matheus Oliveira, Filipe Baptistella, Leonardo Paiva, Jose Thomaz, Joao Maciel, Vinicius Pereira, Geovanni Campos, Hudson Nowak, Guilherme Acerbi in WordPress Download...