Cross site scripting

Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Cross site scripting

Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...

Design/Logic Flaw

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

Cross site scripting

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...

Cross site scripting

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

Authentication flaw

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...

Input validation

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 both inclusive a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation...

Information disclosure

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

Command injection

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

Design/Logic Flaw

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed...

Design/Logic Flaw

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

Buffer overflow

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

Cross site scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

Cross site scripting

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...

Directory traversal

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

Design/Logic Flaw

Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...

Default credentials

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

Default credentials

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...

Cross site scripting

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting XSS vulnerability...

Code injection

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

Input validation

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain...

Crlf injection

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

Code injection

A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...

Design/Logic Flaw

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

Design/Logic Flaw

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...

Design/Logic Flaw

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to...

Design/Logic Flaw

This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitati...

Privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick 1 to solve it. 1...

Cross site scripting

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 index 196694 is out of range for type 's81365' aka 'signed char1365' CPU: 1...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control fpc register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvmarchvcpuioctlsetfpu allows to set the floating point control fpc register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ACPI: extlog: fix NULL pointer dereference check The gcc plugin -fanalyzer 1 tries to detect various patterns of incorrect behaviour. The tool reports: drivers/acpi/acpiextlog.c: In function ‘extlogexit’:...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmicontroller. On device remove, spmicontroller will be freed first, and then devres , including the clocks, will be...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmtstree. To add the required check added the bool isctl which is required to determine the size as...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: 86.305548 BUG: kernel NULL pointer dereference, address: 0000000000000092 86.306815 PF: supervisor read access in kernel mode 86.307717 PF: errorcode0x0000 ...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtablecacheadd kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir wil...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...

Out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus Fix an array-index-out-of-bounds read in ath9khtctxstatus. The bug occurs when txs-cnt, data from a URB provided by a USB device, is bigger than the si...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfxsetmfpap Since 'ieee80211beaconget' can return NULL, 'wfxsetmfpap' should check the return value before examining skb data. So convert the latter to return an appropriate err...

Stack overflow

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsihostbusy out of host lock for waking up EH handler Inside scsiehwakeup, scsihostbusy is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...