| Page(s) : 1 ... 32 33 34 35 36 37 38 39 40 41 [42] 43 44 45 46 47 48 49 50 51 52 ... | Result(s) : 175953 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 5.4 | 2020-09-16 | CVE-2020-2262 | cve | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att... |
| 8.8 | 2020-09-16 | CVE-2020-2261 | cve | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins ... |
| 4.3 | 2020-09-16 | CVE-2020-2260 | cve | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-... |
| 5.4 | 2020-09-16 | CVE-2020-2259 | cve | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by at... |
| 4.3 | 2020-09-16 | CVE-2020-2258 | cve | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission t... |
| 5.4 | 2020-09-16 | CVE-2020-2257 | cve | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploit... |
| 5.4 | 2020-09-16 | CVE-2020-2256 | cve | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site... |
| 4.3 | 2020-09-16 | CVE-2020-2255 | cve | A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| 6.5 | 2020-09-16 | CVE-2020-2254 | cve | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arb... |
| 4.8 | 2020-09-16 | CVE-2020-2253 | cve | Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| 4.8 | 2020-09-16 | CVE-2020-2252 | cve | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| 7.5 | 2020-09-16 | CVE-2020-1748 | cve | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security mana... |
| 5.3 | 2020-09-16 | CVE-2020-1710 | cve | The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. |
| 7.1 | 2020-09-16 | CVE-2020-14393 | cve | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecti... |
| 7.8 | 2020-09-16 | CVE-2020-14382 | cve | A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image prese... |
| 9.8 | 2020-09-16 | CVE-2020-14315 | cve | A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an atta... |
| 7.5 | 2020-09-16 | CVE-2020-10758 | cve | A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-L... |
| 7.3 | 2020-09-16 | CVE-2020-10733 | cve | The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads ... |
| 7.5 | 2020-09-16 | CVE-2014-10402 | cve | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in t... |
| 10 | 2020-09-16 | VU#490028 | VU-CERT | Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector |
| Page(s) : 1 ... 32 33 34 35 36 37 38 39 40 41 [42] 43 44 45 46 47 48 49 50 51 52 ... | Result(s) : 175953 |
