
827 matches found

Packet Storm
added 2018/07/13 12:00 a.m. | 36 views

OpenConext-EngineBlock 5.7.3 Cross Site Scripting

XSS vulnerabilities were found in multiple pages that allow an attacker to inject arbitrary web scripts. The Twig PHP extension configuration was not sanitizing user input before displaying it to the user. Issues fixed in version 5.7.4 and 5.8.0. Git...

6.4 AI score | 0.0084 EPSS
Exploits: 2

CNVD
added 2018/06/07 12:00 a.m. | 4 views

CloudBees Jenkins GitHub Pull Request Builder Plugin Information Disclosure Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. GitHub Pull Request Builder Plugin is one of its plugins, used to automatically update GitHub code. An information...

6.5 CVSS | 6.4 AI score | 0.00988 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/05 8:29 p.m. | 20 views

CVE-2018-1000186

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5 CVSS | 6.5 AI score
Exploits: 0 | References: 1

NVD
added 2018/06/05 8:29 p.m. | 16 views

CVE-2018-1000186

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5 CVSS | 6.3 AI score | 0.00988 EPSS
Exploits: 0 | References: 1

Cvelist
added 2018/06/05 8:00 p.m. | 21 views

CVE-2018-1000186

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.3 AI score | 0.00988 EPSS
Exploits: 0 | References: 1

CVE
added 2018/06/05 8:00 p.m. | 57 views

CVE-2018-1000186

Affected software: Jenkins GitHub Pull Request Builder Plugin (GhprbGitHubAuth.java) up to version 1.41.0. The vulnerability allows attackers with Overall/Read access to connect to an attacker‑specified URL using attacker‑provided credentials IDs, enabling capture of credentials stored in Jenkins...

6.5 CVSS | 6.2 AI score | 0.00988 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2018/06/04 12:00 a.m. | 61 views

MODX Revolution CMS <= 2.6.3 Stored XSS Vulnerability

MODX CMS is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

5.5 CVSS | 5.6 AI score | 0.02143 EPSS
Exploits: 6 | References: 3

Prion
added 2018/04/05 1:29 p.m. | 14 views

Design/Logic Flaw

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

2.1 CVSS | 6.2 AI score | 0.00368 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2018/04/05 1:29 p.m. | 23 views

CVE-2018-1000142

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

7.8 CVSS | 7.6 AI score
Exploits: 0 | References: 1

NVD
added 2018/04/05 1:29 p.m. | 22 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.7 CVSS | 6.3 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

NVD
added 2018/04/05 1:29 p.m. | 18 views

CVE-2018-1000142

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

7.8 CVSS | 7.4 AI score | 0.00376 EPSS
Exploits: 0 | References: 1

OSV
added 2018/04/05 1:29 p.m. | 19 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.7 CVSS | 6.5 AI score
Exploits: 0 | References: 1

CVE
added 2018/04/05 1:00 p.m. | 62 views

CVE-2018-1000142

CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...

7.8 CVSS | 7.3 AI score | 0.00376 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/04/05 1:00 p.m. | 22 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.2 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

Node.js
added 2017/09/25 7:16 p.m. | 58 views

Regular Expression Denial of Service

Overview: Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution ...

5 CVSS | 2.7 AI score | 0.01659 EPSS
Exploits: 1 | Affected Software: 1

Atlassian
added 2017/01/04 11:36 p.m. | 16 views

XSS in pull request inbox

A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...

1.7 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2017/01/04 11:36 p.m. | 20 views

XSS in pull request inbox

A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...

1.7 AI score
Exploits: 0

Tenable Nessus
added 2016/10/12 12:00 a.m. | 23 views

openSUSE Security Update : python-Jinja2 (openSUSE-2016-1159)

This update for python-Jinja2 fixes the following issues: Update to version 2.8: - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Chang...

4.4 CVSS | 8.1 AI score | 0.0043 EPSS
Exploits: 1 | References: 2

Hacker One
added 2016/01/28 2:54 p.m. | 17 views

Internet Bug Bounty: Integer overflow in wordwrap

https://github.com/php/php-src/pull/1738#issuecomment-174260748...

6.9 AI score
Exploits: 0

Node.js
added 2016/01/28 7:56 a.m. | 28 views

Authentication Bypass

Overview: Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation: Update to version 5.1.2 or later. References: - Issue 111 - PR 112 - GitHub Advisory...

7.5 CVSS | 6.1 AI score | 0.02524 EPSS
Exploits: 0 | Affected Software: 1