github

Deserialization of Untrusted Data in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs...

6.5 CVSS

2022-05-13T01:36:54

osv

Deserialization of Untrusted Data in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs...

6.5 CVSS

2022-05-13T01:36:54

redhatcve

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing...

7.5 CVSS

2020-12-17T20:48:46

redhatcve

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.5 CVSS

2020-12-17T20:48:37

redhatcve

CVE-2020-26217

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application....

9.3 CVSS

2020-11-18T10:26:26

oracle

Oracle Critical Patch Update Advisory - January 2020

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be...

10.0 CVSS

2020-01-14T00:00:00

nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2600-1)

This update for the Linux Kernel 4.4.180-94_100 fixes several issues. The following security issues were fixed : CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged...

7.5 CVSS

2019-10-09T00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2019

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

10.0 CVSS

2019-04-16T00:00:00

oracle

Oracle Critical Patch Update - April 2019

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

10.0 CVSS

2019-04-16T00:00:00

cve

CVE-2017-2608

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs...

6.5 CVSS

2018-05-15T20:29:00

ubuntucve

CVE-2017-2608

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs...

6.5 CVSS

2018-05-15T00:00:00

impervablog

Deserialization Attacks Surge Motivated by Illegal Crypto-mining

Imperva’s research group is constantly monitoring new web application vulnerabilities. In doing so, we’ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year. Our analysis shows that, in the past three months, the number of deserialization...

10.0 CVSS

2018-01-24T17:45:08

oracle

Oracle Critical Patch Update - January 2018

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

10.0 CVSS

2018-01-16T00:00:00

oracle

Oracle Critical Patch Update - January 2018

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

10.0 CVSS

2018-01-16T00:00:00

ubuntucve

CVE-2016-10270

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. Bugs ...

6.8 CVSS

2017-03-24T00:00:00

openvas

Jenkins Multiple Vulnerabilities - Feb17 (Windows)

This host is installed with Jenkins and is prone to multiple vulnerabilities. ############################################################################### OpenVAS Vulnerability Test Jenkins Multiple Vulnerabilities - Feb17 (Windows) Authors: Christian Fischer...

6.5 CVSS

2017-03-13T00:00:00

openvas

Jenkins Multiple Vulnerabilities - Feb17 (Linux)

This host is installed with Jenkins and is prone to multiple vulnerabilities. ############################################################################### OpenVAS Vulnerability Test Jenkins Multiple Vulnerabilities - Feb17 (Linux) Authors: Christian Fischer christian.fischer@greenbone.net ...

6.5 CVSS

2017-03-13T00:00:00

nessus

Jenkins < 2.44 / 2.32.x < 2.32.2, Jenkins Operations Center < 1.625.22.1 / 2.7.22.0.1 / 2.32.2.1, and Jenkins Enterprise < 1.651.22.1 / 2.7.22.0.1 / 2.32.2.1 Multiple Vulnerabilities

The remote web server hosts a version of Jenkins that is prior to 2.44, or a version of Jenkins LTS prior to 2.32.2, or else a version of Jenkins Operations Center that is 1.625.x.y prior to 1.625.22.1, 2.7.x.0.y prior to 2.7.22.0.1, or 2.x.y.x prior to 2.32.2.1, or else a version of Jenkins...

6.5 CVSS

2017-03-08T00:00:00

hackerone

ownCloud: Outdated Jenkins server hosted at OwnCloud.org

Summary: The target OwnCloud's server is running an outdated version of Jenkins server which is vulnerable to various attacks. Server Location: https://ci.owncloud.org Vulnerable Software: Jenkins ver. 2.27 Proof of Exploitability CVE-2016-3727 POC URL:...

2017-02-24T08:22:00

seebug

Jenkins remote code execution vulnerability (CVE-2017-2608)

No description provided by...

2017-02-06T00:00:00