In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-14322
https://palletsprojects.com/blog/werkzeug-0-15-5-released/
http://packetstorms…
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
References
…
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-10…
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs o…
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-10226
http://packetstormsecurity.com/files/152263/Fat-Free-CR…
「ユニクロ(UNIQLO)」とイタリアンブランド「マルニ(MARNI)」の初コラボレーションコレクシ…
新たなセキュリティ機能で対応ホスト機器のブート、セキュアなデータ管理と「保守修理規則」対応 カリフォ…
デンマーク コペンハーゲン発のプレミアムゲーミングオーディオブランド「EPOS」配信用のマイクやフル…
ゲームをプレイする際に音は非常に重要な要素の1つです。しかしオーディオの世界は青天井で、突き詰めてい…
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrar…
