13 results (0.013 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins CVS versiones 2.19 y anteriores, no escapa del nombre y la descripción de los parámetros CVS Symbolic Name en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de scripting cruzado (XSS) almacenada que puede ser explotada por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins CVS Plugin versiones 2.16 y anteriores, no configuran su analizador XML para impedir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2020/12/03/2 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2146 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. Desbordamiento de búfer basado en memoria dinámica en la funcion proxy_connect en src/client.c en CVS v1.11 y v1.12 permite a los servidores proxy HTTP remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una respuesta HTTP manipulada. • http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html http://rhn.redhat.com/errata/RHSA-2012-0321.html http://secunia.com/advisories/47869 http://secunia.com/advisories/48063 http://secunia.com/advisories/48142 http://secunia.com/advisories/48150 http://ubuntu.com/usn/usn-1371-1 http://www.debian.org/security/2012/dsa-2407 http://www.mandriva.com/security/advisories?name=MDVSA-2012:044 http://www.osvdb.org/78987 http://www.securityfocus.com/bid/51943 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Error de índice de array en la función apply_rcs_change de rcs.c de CVS v1.11.23 permite a usuarios locales aumentar sus privilegios mediante un fichero RCS que contenga cambios en un fragmento delta manipulado que provoquen un desbordamiento de búfer basado en memoria dinámica (heap). • http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html http://secunia.com/advisories/41079 http://secunia.com/advisories/42041 http://secunia.com/advisories/42409 http://www.osvdb.org/68952 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. • http://www.debian.org/security/2005/dsa-715 •