19 matches found
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...
Allocation of Resources Without Limits or Throttling
Overview: @fedify/vocab-runtime is a runtime library for code-generated Activity Vocabulary APIs. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader...
CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...
EUVD-2022-5283
Malicious code in bioql PyPI...
GHSA-V558-FHW2-V46W Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...
CVE-2019-10328
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Sandbox Restrictions Bypass
Jenkins Pipeline Remote Loader Plugin is vulnerable to a sandbox restrictions bypass. A remote authenticated attacker could bypass security restrictions, caused by an unsafe whitelist entry issue, by sending a specially crafted request...
jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
Code injection
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10328
CVE-2019-10328 affects Jenkins Pipeline Remote Loader Plugin (before 1.5). An unsafe Script Security whitelist entry allowed attackers to invoke arbitrary methods, bypassing sandbox protection and impacting confidentiality, integrity, and availability. Public references in Red Hat advisory RHSA-2...
PT-2019-2637 · Jenkins · Jenkins Pipeline Remote Loader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Remote Loader Plugin versions 1.4 and earlier. Description: The issue is related to the custom whitelist for script security in the Jenkins Pipeline Remote Loader Plugin, which allowed attackers to invoke arbitrary methods and...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Exploit
Exploit for Linux platform in category local exploits. CVE-2014-1303 PoC for Linux: CVE-2014-1303 WebKit heap-based BOF proof of concept for Linux. This repository demonstrates the WebKit heap-based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac OS X...