13 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1404

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00766
Exploits 0 · References 3
VulnCheck KEV
added 2025/03/03 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-43769

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

CVSS 8.8 · AI score 7.4 · EPSS 0.93976
Exploits 6 · References 1
Fedora
added 2024/03/29 4:11 a.m. · 40 views

[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40

The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...

CVSS 7.3 · AI score 5.9 · EPSS 0.00997
Exploits 0
Veracode
added 2022/03/21 5:18 a.m. · 23 views

Cross-site Scripting (XSS)

showdoc/showdoc is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the .properties files...

CVSS 5.4 · AI score 2.2 · EPSS 0.00388
Exploits 1 · References 4 · Affected Software 1
CNVD
added 2022/03/17 12:0 a.m. · 12 views

showdoc .properties file upload vulnerability (CNVD-2022-20508)

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .properties file extensions in the application's file upload feature. An attacker could use this vulnerabilit...

CVSS 6.9 · AI score 1.5 · EPSS 0.00831
Exploits 5 · References 1
OSV
added 2022/03/15 5:15 p.m. · 4 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS 6.5 · AI score 5.9 · EPSS 0.00766
Exploits 0 · References 2
NVD
added 2022/03/15 5:15 p.m. · 12 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS 6.5 · EPSS 0.00766
Exploits 0 · References 2
Positive Technologies
added 2022/03/15 12:0 a.m. · 3 views

PT-2022-18290 · Jenkins · Jenkins Extended Choice Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Extended Choice Parameter Plugin versions 346.vd87693c5a86c and earlier. Description: The issue allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS 6.5 · AI score 6.2 · EPSS 0.00766
Exploits 0 · References 5
Kitploit
added 2021/11/23 8:30 p.m. · 25 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

AI score 7.4
Exploits 0 · References 3
OpenVAS
added 2016/05/24 12:0 a.m. · 28 views

Pentaho Business Analytics Information Disclosure Vulnerability - Active Check

Pentaho Business Analytics is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5 · AI score 6.5 · EPSS 0.00283
Exploits 2 · References 2
Tenable Nessus
added 2008/07/28 12:0 a.m. · 38 views

Debian DSA-1621-1 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead t...

CVSS 10 · AI score 9 · EPSS 0.31809
Exploits 4 · References 19
OSV
added 2008/07/27 12:0 a.m. · 53 views

DSA-1621-1 icedove - several vulnerabilities

Bulletin has no description...

CVSS 10 · AI score 9 · EPSS 0.31809
Exploits 4
OpenVAS
added 2008/07/15 12:0 a.m. · 22 views

Debian: Security Advisory (DSA-1607-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 · AI score 6.8 · EPSS 0.24183
Exploits 2 · References 3