Security
Headlines
HeadlinesLatestCVEs

Tag

#maven

CVE-2020-8913: Google Play Core libraries release notes  |  Android Developers

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.

CVE
Open in Source
#vulnerability#ios#android#windows#google#java#oracle#sap#maven#kotlin
CVE-2020-2163: Jenkins Security Advisory 2020-03-25

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.

CVE-2020-2169: Jenkins Security Advisory 2020-03-25

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.

CVE-2020-2170: Jenkins Security Advisory 2020-03-25

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.

CVE-2014-0234: Red Hat Customer Portal - Access to 24x7 support and knowledge

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

CVE-2019-16564: Jenkins Security Advisory 2019-12-17

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.

CVE-2019-16562: Jenkins Security Advisory 2019-12-17

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.

CVE-2019-16563: Jenkins Security Advisory 2019-12-17

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.

CVE-2019-17359: bouncycastle.org

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

CVE-2019-15052: [DISCUSSION] CVE-2019-15052: Repository authentication sent to server of HTTP redirection response · Issue #10278 · gradle/gradle

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.