Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29...
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-01-29 https://helpx.adobe.com/security/products/magento/apsb20-02.html
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/illustrator/apsb20-03.html
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/illustrator/apsb20-03.html
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/illustrator/apsb20-03.html
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/illustrator/apsb20-03.html
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/illustrator/apsb20-03.html
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to...
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. Date published : 2020-01-29 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1719 http://www.openwall.com/lists/oss-security/2020/01/29/1
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the...
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job...
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. Date published : 2020-01-29 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704 http://www.openwall.com/lists/oss-security/2020/01/29/1
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. Date published : 2020-01-29 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650 http://www.openwall.com/lists/oss-security/2020/01/29/1
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user’s detail object in the whoAmI diagnostic page. Date published : 2020-01-29 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 http://www.openwall.com/lists/oss-security/2020/01/29/1