8298 matches found
CVE-2022-32074
CVE-2022-32074 affects the osTicket-plugins Storage-FS component (audit/class.audit.php). It is a stored XSS vulnerability where a crafted SVG file can cause arbitrary web scripts/HTML execution. The issue is linked to a commit in the repository (a7842d494889fd5533d13deb3c6a7789768795ae) as part ...
SUSE SLES15 Security Update : resource-agents (SUSE-SU-2022:2336-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2336-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc...
SUSE SLES15 Security Update : resource-agents (SUSE-SU-2022:2337-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2337-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc...
SUSE SLES15 Security Update : resource-agents (SUSE-SU-2022:2326-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2326-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc...
SUSE SLES15 Security Update : resource-agents (SUSE-SU-2022:2325-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2325-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc...
Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop...
Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web Token (JWT) tokens for security testing purposes. Features: Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins (follow the template example). Flexible token...
Jenkins user enumeration vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a user enumeration vulnerability that stems from an observable time difference between a valid user a...
The vulnerability of PDF browser plugins for Google Chrome and Microsoft Edge allows attackers to disclose protected information.
The vulnerability of PDF browser plugins for Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to disclose protected information through a specially created web page...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-34177 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)
org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-34177 Source advisory: OSV:GHSA-29Q6-P2CG-4V23...
com.thalesgroup.jenkins-ci.plugins:cpptest (>=0.10 <=0.14), org.jenkins-ci.plugins:gallio (>=1.6 <=1.8) +4 more potentially affected by CVE-2022-34181 via org.jenkins-ci.plugins:xunit (>=1.23 <=1.91)
org.jenkins-ci.plugins:xunit MAVEN version =1.23, =0.10, =1.6, =0.13, =1.0, =1.1 Source cves: CVE-2022-34181 Source advisory: OSV:GHSA-298J-9Q4W-6RM4...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34174 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34174 Source advisory: OSV:GHSA-9GRJ-J43M-MJQR...
GHSA-JHFV-8936-G652 Cross-site Scripting in Jenkins Hidden Parameter Plugin
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Unauthorized view fragment access in Jenkins
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content. Before SECURITY-534 was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access ...
Jenkins 2.335 < 2.356 Information Disclosure Vulnerability (SECURITY-2777) - Linux
Jenkins is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
AZL-45294 CVE-2022-29526 affecting package containernetworking-plugins for versions less than 1.6.1-4
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-43477 CVE-2022-29526 affecting package containernetworking-plugins 1.1.1-17
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Malicious Package
Overview cxf-plugins is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
LaikeTui code issue vulnerability
LaikeTui (Laike e-commerce) is a stable and small open source mall system for individual developers. LaikeTui version 3.5.0 has a security vulnerability that stems from an arbitrary file upload in the background plug-ins; attackers can use the vulnerability to execute arbitrary code...
Malicious code in wm-plugins-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d71d93b59b13c9e104289423006a7840efc7c6e11c15743f9c74c7669e712cc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...