NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against...
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store...
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. Date published : 2022-03-29 https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute...
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2338 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Date...
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2685 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2684 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2683 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1897 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1899 http://www.openwall.com/lists/oss-security/2022/03/29/1
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Date published : 2022-03-29...
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%282%29 http://www.openwall.com/lists/oss-security/2022/03/29/1
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. Date published : 2022-03-29 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29...