40 matches found
Keras Code Issue Vulnerability
Keras is an open-source deep learning framework with multiple backends. Version 3.13.0 of Keras contains a code vulnerability that stems from the TFSLayer class’s unconditional loading of external SavedModels, which may lead to arbitrary code execution...
EUVD-1999-1497
Malware in sbrugna...
EUVD-1999-1496
Malware in sbrugna...
EUVD-2022-2769
Malicious code in bioql PyPI...
Credentials stored in plain text by Jenkins tfs Plugin
tfs Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file hudson.plugins.tfs.TeamPluginGlobalConfig.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to the Jenkins controller file system...
GHSA-W6C2-JRHH-JRXG Credentials stored in plain text by Jenkins tfs Plugin
tfs Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file hudson.plugins.tfs.TeamPluginGlobalConfig.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to the Jenkins controller file system...
GHSA-6C7R-6P5M-CP82 Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
Design/Logic Flaw
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Cross-site Scripting (XSS)
jenkins-git-plugin is vulnerable to cross-site scripting. It does not escape the error message for the repository URL for Microsoft TFS field form validation...
CVE-2020-2136
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
CVE-2019-1072
Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...
Remote code execution
Sitecore Experience Platform XP prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object...
CVE-2019-11080
Sitecore Experience Platform XP prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object...
CVE-2019-11080
Sitecore Experience Platform (XP) prior to 9.1.1 is affected by a deserialization-based remote code execution vulnerability (CVE-2019-11080). An authenticated user with the required permissions can remotely execute OS commands by sending a crafted serialized object. Public sources (including Red ...