McDonald’s Ice Cream Machine Hackers Say They Found the ‘Smoking Gun’ That Killed Their Startup

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business...

Jenkins plugins Multiple Vulnerabilities (2022-12-07)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. CVE-2022-46682 - Jenki...

SUSE CVE-2018-19490

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in dfgenerateasciiarrayentry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range...

OpenTSDB 2.4.0 unauthenticated command injection

This module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version...

GHSA-WGPP-G6V9-7HXP Jenkins Plot Plugin XML External Entity Reference vulnerability

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secret...

Jenkins Plot Plugin XML External Entity Reference vulnerability

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secret...

org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:silk-performer-plugin (>=2.0.0-beta <=2.0.1-beta) potentially affected by CVE-2022-46682 via org.jenkins-ci.plugins:plot (>=1.5 <=2.1.0)

org.jenkins-ci.plugins:plot MAVEN version =1.5, =2.0.0-beta, =2.0.1-beta Source cves: CVE-2022-46682 Source advisory: OSV:GHSA-WGPP-G6V9-7HXP...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

PT-2022-27946 · Jenkins · Jenkins Plot Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Plot Plugin versions 2.1.11 and earlier Description: The issue allows attackers who can control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of...

CVE-2022-46682

CVE-2022-46682 affects Jenkins Plot Plugin 2.1.11 and earlier. The root cause is that the plugin’s XML parser did not disable external entity resolution, enabling XXE attacks. Impact is high (CVE metrics show critical severity with potential confidentiality, integrity, and availability impacts). ...

Jenkins Plot Plugin 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A code issue vulnerability...

CVE-2022-46682

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

The January 6 Insurrection Hearings Are Just Heating Up

The US House committee has already uncovered a more organized and sinister plot than many imagined. But history suggests the worst may be yet to come...

org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:silk-performer-plugin (>=2.0.0-beta <=2.0.1-beta) potentially affected by CVE-2022-34783 via org.jenkins-ci.plugins:plot (>=1.5 <=2.1.0)

org.jenkins-ci.plugins:plot MAVEN version =1.5, =2.0.0-beta, =2.0.1-beta Source cves: CVE-2022-34783 Source advisory: OSV:GHSA-HPF7-MMQW-G6VQ...

GHSA-HPF7-MMQW-G6VQ Cross-site Scripting in Jenkins Plot Plugin

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Cross-site Scripting in Jenkins Plot Plugin

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-34783

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...