Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-36921: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#google#git#java#auth#ssh#rpm#maven
CVE-2022-36887: Jenkins Security Advisory 2022-07-27

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.

CVE-2022-36914: Jenkins Security Advisory 2022-07-27

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2022-36897: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

CVE-2022-24406: Full Disclosure: Open-Xchange Security Advisory 2022-07-21

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

CVE-2022-34549: CWE-434: Unrestricted Upload of File with Dangerous Type (4.8)

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.

CVE-2022-34550: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') · Issue #8 · rawchen/sims

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite

Security release also includes precautionary patches for potential Log4j-like flaw in Logback library

Taking the Risk-Based Approach to Vulnerability Patching

Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or

CVE-2022-36880: Webmin

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.