
The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly escape the 'href' attribute of links to downstream jobs displayed in the build console page. Successful exploitation could allow attackers to cause a stored XSS vulnerability.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: nss: TLS 1.3 CCS flood remote DoS Attack. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix ...

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss, nspr. Security Fix: nss: TLS 1.3 CCS flood remote DoS Attack. For mo ...

Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. This issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the 2021-01-13 security advisory.

CVE-2021-21639: Lack of type validation in agent-related REST API. Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node. This allows attackers with Computer/Configure permission to replace a node with one of a different type. Jenkins 2.287, LTS 2.277.2 validates the type of o ...

The host is installed with Apache Log4j 2.0.x through 2.15.0 (excluding security releases 2.3.1, 2.12.2 and 2.12.3) and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle an issue in the logging configuration when it uses a non-default Pattern Layout with a Context Lookup. Successful exploitation could allow attackers with control o ...

The host is installed with Apache Jena 4.4.0 or Apache Jena before 4.2.0 and is prone to an XML external entity (XXE) vulnerability. A flaw is present in the application, which fails to properly handle the RDF/XML parser. Successful exploitation could allow an attacker to cause an external DTD to be retrieved.

dotnet-templates-8.0 is installed

netstandard-targeting-pack-2.1-8.0 is installed



© SecPod Technologies