CVE-2018-1000142

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

CVE-2018-1000142

CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

Kallithea < 0.3.2 Multiple Vulnerabilities

Kallithea is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kallithea:kallithea"; ifdescripti...

Regular Expression Denial of Service

Overview Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation There is currently no direct patch for this vulnerability. Currently, the best solution ...

openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...

Atlassian Bitbucket Server Directory Traversal Vulnerability

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A directory traversal vulnerability exists in the pull requests resource in Atlassian...

CVE-2016-3114

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

Design/Logic Flaw

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

CVE-2016-3114

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

CVE-2016-3114

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...

Atlassian Bitbucket Directory Traversal Vulnerability (BSERV-8819)

Atlassian Bitbucket is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

Moxa MX-AOPC UA Server 1.5 XML Injection

Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product: ======================= MX-AOPC UA SERVER - 1.5 Moxa's MX-AOPC...

Drupal Facebook Pull Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Facebook Pull is one of the modules. A cross-site scripting vulnerability exists in the Drupal Facebook Pull module. This vulnerability can be exploited to execute arbitrary script code...

Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011

This module enables you to add integration with Facebook API. The module doesn't sufficiently sanitize incoming data from Facebook. This vulnerability is mitigated by the fact that an attacker must have be able to successfully pass malicious code through Facebook API or alter facebooks DNS and...

reversemap - Analyse SQL injection attempts in web server logs

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...

docker-engine docker-engine-selinux security and bugfix update

1.12.6-1.0.1 - Enable configuration of Docker daemon via sysconfig orabug 21804877 - Require UEK4 for docker 1.9 orabug 22235639 22235645 - Add docker.conf for prelink orabug 25147708 1.12.6 - the systemd unit file /usr/lib/systemd/system/docker.service contains local changes, or - a systemd...

XSS in pull request inbox

A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...