Skip to content

TechMedia

Header Image
Category

CRITICAL

104 Posts

Featured

Posted byWpmaster
[vm2] vm2 vulnerable to sandbox escape
Posted byWpmaster
[go.etcd.io/etcd/v3] Etcd-io Improper Authentication vulnerability
Posted byWpmaster
[github.com/sjqzhang/go-fastdfs] sjqzhang go-fastdfs vulnerable to path traversal
Posted byWpmaster
[knplabs/knp-snappy] PHAR deserialization allowing remote code execution

[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/17/2022

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…

[org.jenkins-ci.main:jenkins-core] Protection Mechanism Failure in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/17/2022

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-21690
https://www.jenkin…

[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/17/2022

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…

[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/17/2022

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…

[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/24/2022

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…

[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/17/2022

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…

[linux-cmdline] linux-cmdline is vulnerable to Prototype Pollution via the constructor

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202212/06/2022

The package linux-cmdline is a parser for Linux kernel command line arguments. Versions before 1.0.1 are vulnerable to Prototype Pollution via the constructor.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-7704
https://github.com/piranna/linux-…

[omniauth-weibo-oauth2] omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202201/27/2023

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[papercrop] papercrop does not properly handle crop input

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/25/202201/25/2023

The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.
References

https://nvd.nist.gov/vuln/detail/CVE-2015-2784
https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579
https://github.com…

[DotNetCasClient] Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

  • Posted inCRITICAL
  • Posted byWpmaster
  • 05/18/202201/10/2023

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrar…

Posts navigation

Previous Posts 1 … 7 8 9 10 11 Next Posts
TechMedia
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close