Jenkins plugins Multiple Vulnerabilities (2022-09-21)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...

DEBIAN-CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

Ubuntu 16.04 ESM : JACK vulnerability (USN-5656-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5656-1 advisory. Joseph Yasi discovered that JACK incorrectly handled the closing of a socket in certain conditions. An attacker could potentially use this issue to cause a crash...

Snyk CLI affected by Command Injection vulnerability

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

Command injection

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

DeftTorero: tactics, techniques and procedures of intrusions revealed

Earlier this year, we started hunting for possible new DeftTorero aka Lebanese Cedar, Volatile Cedar artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared unt...

Code Injection

Overview snyk is a advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Code Injection. when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a...

LDAP Active Directory - Identity Data Enumeration

Binary data ldapenum.nbin...

CVE-2022-37328 WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in Themes Awesome History Timeline plugin = 1.0.5 at WordPress...

com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-40705 via soap:soap (>=2.3 <=2.3.1)

soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-40705 Source advisory: OSV:GHSA-JQ8C-J47C-VVWM...

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41238 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41238 Source advisory: OSV:GHSA-9MC6-VGMQ-X6XF...

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41239 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41239 Source advisory: OSV:GHSA-Q9G4-9FX4-V533...

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41237 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41237 Source advisory: OSV:GHSA-X3JJ-RGW9-7R5G...