
16 matches found

IBM Security Bulletins
added 2025/06/16 12:25 p.m. · 5 views

Security Bulletin: cups vulnerability in BAMOE 8.0.5 images

Summary: There was a cups library vulnerability in BAMOE 8.0.5 images, transitively brought in by the RHEL base OS image layer. Vulnerability Details: CVEID: CVE-2024-47175. DESCRIPTION: OpenPrinting libppd could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to...

CVSS 9.8 · AI score 7.8 · EPSS 0.36802
Exploits 14 · Affected Software 1
NVD
added 2025/03/25 11:15 p.m. · 13 views

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS 5.9 · EPSS 0.00107
Exploits 0 · References 4
Snyk
added 2024/08/13 7:26 p.m. · 2 views

Cleartext Transmission of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 8.0...

CVSS 7.1 · AI score 6.8 · EPSS 0.01987
Exploits 0 · References 2
UbuntuCve
added 2023/06/26 7:15 p.m. · 839 views

CVE-2020-23064

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

AI score 6.9
Exploits 5 · References 3
RedHat Linux
added 2023/06/14 2:39 p.m. · 375 views

Low: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

CVSS 7.5 · AI score 6.7 · EPSS 0.00221
Exploits 2 · References 3
Github Security Blog
added 2022/10/19 7:0 p.m. · 20 views

Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin

Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability is onl...

CVSS 5.3 · AI score 5.8 · EPSS 0.01368
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/09/22 12:0 a.m. · 16 views

Stored XSS vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to the...

CVSS 5.4 · AI score 5.7 · EPSS 0.12355
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/09/22 12:0 a.m. · 17 views

Jenkins WildFly Deployer Plugin vulnerable to path traversal

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...

CVSS 5.3 · AI score 6.4 · EPSS 0.00305
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/09/21 12:0 a.m. · 3 views

PT-2022-25754 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins DotCi Plugin versions 2.40.00 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability due to the failure to escape the GitHub user name parameter provided to commit notifications when displaying...

CVSS 5.4 · AI score 5.2 · EPSS 0.12355
Exploits 0 · References 9
OSV
added 2022/07/01 12:1 a.m. · 30 views

GHSA-CP6Q-836Q-GMJ3 Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. This CSRF vulnerability is only exploitable in Jenkins 2.286 and earlier, LTS 2.277.1 and earlier. See the LTS upgrade guide...

CVSS 4.3 · AI score 4.9 · EPSS 0.00083
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 7:16 p.m. · 19 views

Stored XSS vulnerability in Jenkins Git Plugin

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to th...

CVSS 6.1 · AI score 5.8 · EPSS 0.006
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/03/16 12:0 a.m. · 22 views

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller...

CVSS 6.5 · AI score 3.4 · EPSS 0.01271
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/03/14 10:15 p.m. · 28 views

GHSA-CFHH-XGWQ-5R67 Sudden swap of user auth tokens in Volto

Impact: Due to the usage of an outdated version of the react-cookie library, under high server load it is possible that a user could get his/her auth cookie replaced with the auth cookie from another user, effectively giving him full access to the other user's account...

CVSS 5 · AI score 6.2 · EPSS 0.00258
Exploits 0 · References 4
OSV
added 2022/02/16 12:1 a.m. · 20 views

GHSA-2587-W93G-63M2 Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...

CVSS 5.3 · AI score 6.6 · EPSS 0.00101
Exploits 0 · References 5
Kitploit
added 2021/07/17 9:30 p.m. · 218 views

Cilium - eBPF-based Networking, Security, And Observability

Cilium is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to...

AI score 7.3
Exploits 0 · References 11
securityvulns
added 2010/01/08 12:0 a.m. · 64 views

PHP 5.2.12 Release Announcement

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to...

CVSS 10 · AI score 0.5 · EPSS 0.16946
Exploits 7