Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2022-30769: Releases · ZoneMinder/zoneminder

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

CVE
#xss#csrf#web#ubuntu#js#git#java#php#c++#perl#auth
CVE-2022-24942

Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.

CVE-2022-45396: Jenkins Security Advisory 2022-11-15

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-45385: Jenkins Security Advisory 2022-11-15

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

CVE-2022-45379: Jenkins Security Advisory 2022-11-15

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

CVE-2022-45386: Jenkins Security Advisory 2022-11-15

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-38666: Jenkins Security Advisory 2022-11-15

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.

CVE-2022-45399: Jenkins Security Advisory 2022-11-15

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

CVE-2022-45391: Jenkins Security Advisory 2022-11-15

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

CVE-2022-45384: Jenkins Security Advisory 2022-11-15

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.