933 matches found
CVE-2019-1003020
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL...
CVE-2018-1000416
The CVE-2018-1000416 entry concerns Jenkins Job Config History Plugin (versions up to 2.18) with a reflected cross-site scripting (XSS) flaw in all Jelly files that allows an attacker to inject arbitrary HTML into Jenkins output shown to users who have Job/Configure access. This is a client-side ...
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
PT-2018-3321 · Tp Link · Tp-Link Tl-R600Vpn
Name of the Vulnerable Software and Affected Versions: TP-Link TL-R600VPN affected versions not specified Description: A remote code execution issue exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. This is caused by a buffer overflow when a specially crafted HTTP...
CVE-2018-1999039
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...
CVE-2017-5463
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...
CloudBees Jenkins Git Plugin Multiple File Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of scheduled tasks. Git Plugin is one of its version control plugins. A...
PT-2018-16159 · Bracket · Bracket-Template
Name of the Vulnerable Software and Affected Versions: bracket-template affected versions not specified Description: The issue is related to reflected XSS, which can occur when a variable passed via a GET parameter is used in a template. Recommendations: At the moment, there is no information abo...
CVE-2018-1000183
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
PT-2022-10319 · Alt +1 · Alt Linux
Name of the Vulnerable Software and Affected Versions: ALT Linux affected versions not specified Description: General information about the issue is not provided. There is no information about the estimated number of potentially affected devices worldwide or details about real-world incidents whe...
PT-2018-4064 · Manageiq · Manageiq Evm
Name of the Vulnerable Software and Affected Versions: ManageIQ Enterprise Virtualization Manager EVM affected versions not specified Description: A cross-site request forgery CSRF issue allows remote attackers to hijack user authentication for requests with unspecified impact. The exact vectors...
PT-2018-5001 · Antenna House · Antenna House Dmc Htmlfilter
Name of the Vulnerable Software and Affected Versions: AntennaHouse DMC HTMLFilter affected versions not specified Description: An exploitable heap corruption issue exists in the DHFSummary functionality. Recommendations: At the moment, there is no information about a newer version that contains ...
PT-2018-2606 · Moxa · Moxa Eds +1
Name of the Vulnerable Software and Affected Versions: Moxa IKS and EDS affected versions not specified Description: The issue is related to a failure in properly checking array bounds, which may allow an attacker to read device memory at arbitrary addresses. This could potentially lead to the...
Error: "This Operation Cannot be Performed Because a VDI is in Use by Some Other Operation"
Starting VM fails, unable to find the disk OR Unable to start a VM, error: "this operation cannot be performed because a VDI is in use by some other operation" OR Unable to start a VM, error: "The SR failed to complete the operation" OR Unable to start the VM, error: "This operation cannot be...
shop.obkladypasek.cz XSS vulnerability
Open Bug Bounty ID: OBB-582520

Description | Value
---|---
Affected Website: | shop.obkladypasek.cz
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2018-7226
An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC...
ipage.com XSS vulnerability
Open Bug Bounty ID: OBB-558108

Description | Value
---|---
Affected Website: | ipage.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Security feature bypass
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment...
PT-2018-8395 · Canonical +2 · Cpio
Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not contain details about a specific issue. It appears to be related to the management of vulnerability identifiers, indicating that a particula...
[SECURITY] Fedora 25 Update: backintime-1.1.24-1.fc25
Back In Time is a simple backup system for Linux inspired from "flyback project" and "TimeVault". The backup is done by taking snapshots of a specified set of directories...