Page 130 of 871 results (0.019 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Subversion Plugin versiones 2.15.3 y anteriores, permite a atacantes conectarse a una URL especificada por el atacante • http://seclists.org/fulldisclosure/2022/Jul/18 https://support.apple.com/kb/HT213345 https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2075 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins Subversion versiones 2.15.3 y anteriores, no escapan el nombre y la descripción de los parámetros de las etiquetas List Subversion (y más) en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso de Item/Configure A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission. • http://seclists.org/fulldisclosure/2022/Jul/18 https://support.apple.com/kb/HT213345 https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 https://access.redhat.com/security/cve/CVE-2022-29046 https://bugzilla.redhat.com/show_bug.cgi?id=2074851 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. La función mod_dav_svn de Subversion es vulnerable a una corrupción de memoria. • http://seclists.org/fulldisclosure/2022/Jul/18 https://bz.apache.org/bugzilla/show_bug.cgi?id=65861 https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife https://issues.apache.org/jira/browse/SVN-4880 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT https://support.apple.com/kb/HT213345 https://www.debian • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. • http://seclists.org/fulldisclosure/2022/Jul/18 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://support.apple.com/kb/HT213345 https://www.debian.org/security/2022/dsa-5119 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • https://support.apple.com/en-us/HT213219 https://support.apple.com/en-us/HT213220 https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213256 • CWE-787: Out-of-bounds Write •