933 matches found
plugin: CSRF vulnerability in Script Security Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
plugin: Lack of authentication mechanism in Git Plugin webhook
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...
PT-2023-35899 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the involvement of specific functions: apply tiff, parse jpeg, and identify. Recommendations: ...
PT-2023-1329 · Netatalk +4 · Netatalk +4
Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists within th...
PT-2023-13633 · Unknown · Wlan Driver
Name of the Vulnerable Software and Affected Versions: Wlan driver affected versions not specified Description: The issue is related to a possible missing parameters check in the wlan driver, which could lead to a local denial of service in wlan services. Recommendations: At the moment, there is ...
PT-2023-15246 · Unknown · Wlan Driver
Name of the Vulnerable Software and Affected Versions: WLAN driver affected versions not specified Description: The issue is related to a possible missing permission check in the WLAN driver, which could lead to local information disclosure. Recommendations: At the moment, there is no information...
EulerOS Virtualization 3.0.2.2 : vim (EulerOS-SA-2023-1303)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3927, CVE-2021-3984, CVE-2021-4019,...
GHSA-PX2F-CQRF-F2QG CSRF vulnerability in Jenkins TestQuality Updater Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
Missing permission check in Jenkins BearyChat Plugin
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Default credentials
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2023-24435
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24458
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24432
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24452
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
PT-2023-35746 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue is identified, associated with a crash. The crash involves the OT::Layout::GPOS impl::PairSet and OT::Layout::GPOS...
jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git
A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
PT-2023-1085 · Microsoft · Cryptographic Services +1
Name of the Vulnerable Software and Affected Versions: Microsoft Cryptographic Services affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Microsoft Cryptographic Services, which is associated with inadequate access restrictions. This...
PT-2023-1270 · Microsoft · 3D Builder
Name of the Vulnerable Software and Affected Versions: 3D Builder affected versions not specified Description: The issue exists due to insufficient input validation in the 3D Builder program, which can allow an attacker to execute arbitrary code on the target system by tricking a user into openin...
PT-2023-1124 · Microsoft · Windows Kernel +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, which can be exploited to elevate privileges. This allows an attacker to affect the system...