71 matches found
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...
PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...
CVE-2022-25366
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...
PT-2022-17244 · Unknown · Cryptomator
Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...
CVE-2021-41531
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation...
GO-2020-0049 Improper input validation in github.com/justinas/nosurf
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
CVE-2020-27192
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool...
PT-2020-3435 · Palo Alto Networks · Prisma Access +5
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS versions prior to 9.1.3 Palo Alto Networks PAN-OS versions prior to 9.0.9 Palo Alto Networks PAN-OS versions prior to 8.1.15 Palo Alto Networks PAN-OS 8.0 EOL Description: When Security Assertion Markup Language SAML...
PT-2019-11777 · Jenkins · Jenkins Codefresh Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Codefresh Integration Plugin versions 1.8 and earlier Description: The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This...
UBUNTU-CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
PT-2013-1519 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue concerns the use of the -k curl parameter by the vds installer when adding a host, which prevents SSL certificates from being validated. This allows...