3370 matches found
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Information disclosure
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Code injection
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Backdoor Implanted on Hacked Cisco Devices Modified to Evade Detection
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgrade...
How to Install Microsoft Exchange Updates with Reliability
By Owais Sultan Installing Microsoft Exchange Updates can be a challenging task, as it may lead to various issues in the… This is a post from HackRead.com Read the original post: How to Install Microsoft Exchange Updates with Reliability...
IBM DB2 Denial of Service Vulnerability (CNVD-2023-100313)
IBM DB2 is a relational database management system from International Business Machines IBM. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM DB2 versions 10.5, 11.1, and 11.5, which can be...
The vulnerability of the coreservice_action_script function in the D-View 8 network device management platform allows a hacker to execute arbitrary code.
The vulnerability of the coreserviceactionscript function in the D-View 8 network device management platform is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
JSpector - A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues
JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation 1. Download the late...
FBI and CISA Release Update on AvosLocker Advisory
Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released a joint Cybersecurity Advisory CSA, StopRansomware: AvosLocker Ransomware Update to disseminate known indicators of compromise IOCs, tactics, techniques, and procedures TTPs, and...
The vulnerability in the web server software for Inductive Automation Ignition allows a perpetrator to execute arbitrary code.
The vulnerability of Inductive Automation Ignition’s web server software-related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code on the target system or cause service failures...
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...
GHSA-498W-5J49-VQJG gnark unsoundness in variable comparison / non-unique binary decomposition
Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...
gnark unsoundness in variable comparison / non-unique binary decomposition
Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...
PT-2023-29214 · Gnark · Gnark
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.9.0 Description: The issue concerns the construction of two valid decompositions to bits for some in-circuit values, due to overflowing the field where the values are defined. This allows a malicious prover to...