Security News

Security news from: cvedetails.com

  • 2 July 2022 – CVE-2022-34912
    An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default con …
  • 2 July 2022 – CVE-2022-34911
    An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After acco …
  • 2 July 2022 – CVE-2022-34913
    ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the produ …
  • 1 July 2022 – CVE-2022-34894
    In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services (CVSS:0.0) (Last Update:2022-07-01)
  • 1 July 2022 – CVE-2022-34903
    GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forg …
  • 30 June 2022 – CVE-2022-34796
    A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. (CVSS: …
  • 30 June 2022 – CVE-2022-34798
    Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specifie …
  • 30 June 2022 – CVE-2022-34800
    Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins …
  • 30 June 2022 – CVE-2022-34802
    Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by user …
  • 30 June 2022 – CVE-2022-34804
    Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. (CVSS:0. …