15 matches found
EUVD-2021-1685
Malware in sbrugna...
containers crate before for Rust resource management error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust prior to 0.9.11, which stems from double line deletion by a util::mutate,mutate2 when panic occurs. No details of the vulnerability are provided at this time...
CloudBees Jenkins Git Parameter plugin cross-site scripting vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. A cross-site scripting vulnerability exists in the Git Parameter plugin 0.9.11 and earlier versions in CloudBees Jenkins. The vulnerability stems from the failure...
CloudBees Jenkins Git Parameter plugin cross-site scripting vulnerability (CNVD-2020-11651)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. A cross-site scripting vulnerability exists in the Git Parameter plugin 0.9.11 and earlier versions in CloudBees Jenkins. The vulnerability stems from the failure...
PT-2020-15320 · Jenkins · Jenkins Git Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.11 and earlier Description: The issue results in a stored cross-site scripting vulnerability. This is exploitable by users with Job/Configure permission. The vulnerability occurs because the default...
Unspecified vulnerability in Http-signature
Http-signature is a library that includes client and server components for the Joyent HTTP signature scheme. A security vulnerability exists in Http-signature version 0.9.11 and earlier. An attacker can exploit this vulnerability by intercepting a request and replacing the packet header name and...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
GHSA-GJ4P-3WH3-2RMF Arbitrary file read vulnerability in yard server
lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
YARD Arbitrary File Read Vulnerability
YARD is a documentation generation tool for the Ruby programming language. The tool is capable of generating documentation in a variety of formats. A security vulnerability in the lib/yard/coreext/file.rb file on servers in versions of YARD prior to 0.9.11 stems from the program's failure to...
DEBIAN-CVE-2017-17042
lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
LibOFX Buffer Overflow Vulnerability
LibOFX is a library that allows programs to support OFX financial data bi-directional exchange command responses. A buffer overflow vulnerability exists in the label parsing feature in LibOFX version 0.9.11. An attacker can exploit this vulnerability to execute code or cause a denial of service...
PT-2017-15554 · Libofx +1 · Libofx +1
Name of the Vulnerable Software and Affected Versions: LibOFX version 0.9.11 Description: A buffer overflow issue exists in the tag parsing functionality. This can be triggered by a specially crafted OFX file, causing a write out of bounds and resulting in a buffer overflow on the stack. An...
UBUNTU-CVE-2016-9942
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...
PYSEC-2013-4
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2003-1558 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.11 and earlier Description: Multiple off-by-one vulnerabilities allow remote attackers to cause a denial of service and possibly execute arbitrary code via several dissectors, including AIM, GIOP Gryphon, OSPF, PPTP,...