Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2022-34207: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

CVE
Open in Source
#xss#csrf#vulnerability#web#java#auth#maven
CVE-2022-34204: Jenkins Security Advisory 2022-06-22

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

CVE-2022-34179: Jenkins Security Advisory 2022-06-22

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.

CVE-2021-41432: Stored XSS in the Blog Content · Issue #88 · flatpressblog/flatpress

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.

CVE-2022-33114: SQL injection vulnerability exists in JFinal CMS 5.1.0 · Issue #38 · jflyfox/jfinal_cms

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

Flaws in Smart Jacuzzi App Could Be Exploited To Extract Users’ Data

By Deeba Ahmed The vulnerability existed in Jacuzzi Brand LLC’s SmartTub app web interface that could reveal users’ private data to… This is a post from HackRead.com Read the original post: Flaws in Smart Jacuzzi App Could Be Exploited To Extract Users’ Data

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

RHSA-2022:5029: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.7 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-25647: com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

GHSA-qmx3-m648-hr74: Log Injection in Apache Sling Commons Log and Apache Sling API

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

Microsoft 365 Users in US Face Raging Spate of Attacks

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.