com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +30 more potentially affected by CVE-2019-10307 via org.jvnet.hudson.plugins:analysis-core (>=1.0 <=1.94)
org.jvnet.hudson.plugins:analysis-core MAVEN version =1.0, =1.7.2, =1.0.0, =0.9, =2.5.0, =2.5.0, =2.5.0, =2.5.0, =0.7, =1.20, =1.0.1, =0.3, =7.97, =1.0, =1.0, =1.20 and more Source cves: CVE-2019-10307 Source advisory: OSV:GHSA-3V9F-4VFF-RX42...
aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +4584 more potentially affected by CVE-2022-29599 via org.apache.maven.shared:maven-shared-utils (>=0.1 <=3.2.1)
org.apache.maven.shared:maven-shared-utils MAVEN version =0.1, =1.0.0, =2.0.2.RELEASE, =2.0.0.RELEASE, =1.0.0, =1.0.0, =4.1.0, =4.0.0, =3.5.6, =3.5.6, =1.0, =3.3 - au.net.causal.maven.plugins:browserbox-maven-plugin =1.0 and more Source cves: CVE-2022-29599 Source advisory: OSV:GHSA-RHGR-952R-6P8...
Jenkins plugins Multiple Vulnerabilities (2022-04-12)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are Jenkins CVS Plugin prior to 2.19.1, Credentials Plugin prior to 1112., Extended Choice Parameter Plugin 346. or earlier, Gerrit Trigger Plugin prior to 2.35.3, Git Parameter...
CVE-2018-20430
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c...
CVE-2022-29432
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...
Cross site scripting
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...
CVE-2022-29432 WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...
CVE-2022-29432
CVE-2022-29432 covers multiple authenticated persistent XSS vulnerabilities in the WordPress plugin wpDataTables (versions
CVE-2022-29434
The CVE-2022-29434 entry concerns the WordPress Spiffy Calendar plugin (versions
[SECURITY] Fedora 35 Update: pidgin-2.14.6-3.fc35
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an...
[SECURITY] Fedora 34 Update: pidgin-2.14.1-4.fc34
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an...
Path traversal in Jenkins Git Mercurial and Repo Plugins
Jenkins SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspac...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-30947 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-30947 Source advisory: OSV:GHSA-84CM-VJWM-M979...
GHSA-84CM-VJWM-M979 Path traversal in Jenkins Git Mercurial and Repo Plugins
Jenkins SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspac...
at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +512 more potentially affected by CVE-2014-9390 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=3.5.2.201411120430-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =0.0.1, =0.2.8, =1.0.2, =2.0.0, =0.9.0, =1.1.0, =0.0.2, =0.0.7 and more Source cves: CVE-2014-9390 Source advisory: OSV:GHSA-6VVC-C2M3-CJF3...
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...
new packages: dnf-plugins-core
An update is available for dnf-plugins-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: gstreamer1-plugins-good
An update is available for gstreamer1-plugins-good. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
new packages: gstreamer1-plugins-bad-free
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see...
new packages: grilo-plugins
An update is available for grilo-plugins. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...