492 matches found
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to the redirection of URLs to an unreliable website during the editing of the VCS root page. Exploiting this vulnerability could allow a malicious actor to redirect...
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...
CVE-2025-47854
JetBrains TeamCity has a CVE-2025-47854 open redirect vulnerability in versions prior to 2025.03.2, triggered when editing the VCS Root page due to improper handling of the destination jump (input validation issue). Affected product: JetBrains TeamCity (CI/CD server). Impact is open redirect; exp...
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...
PT-2025-27988
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vgacon scroll function, where a check for the vc origin address range has been added. The vulnerabili...
CVE-2025-32021
CVE-2025-32021 concerns Weblate before 5.11, where creating a new component from an existing one could leak VCS credentials. If the source repository URL is present in settings, that URL is carried in client URL parameters during creation; credentials such as GitHub PATs and usernames could appea...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
GHSA-M67M-3P5G-CW9J VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...
CVE-2023-52973 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
CVE-2023-52973
The CVE-2023-52973 issue affects the Linux kernel’s vc_screen path (vt/vc_screen.c). Root cause: a use-after-free of vc_data after console_unlock() in vcs_read(), where the vc_data pointer was loaded inside the loop, allowing a UAF in vcs_size(). The bug was fixed by moving the vc_data load to th...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a...
CVE-2022-20814
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...
PT-2025-28646
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.5 Go versions prior to 1.23.11 Description: The issue concerns unexpected command execution in untrusted VCS repositories when using the Go toolchain. This can occur when the toolchain is used in directories fetched...
CVE-2024-50175
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove usecount guard in stopstreaming The usecount check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...
CVE-2022-20853
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2022-20814
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...