Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
References
https://nvd.ni…
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the “gcov-args” argument.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-7596
https://snyk.io/vuln/SNYK-JS-CODECOV-543183
https://github.com/advisories/GHS…
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Cont…
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET F…
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘ASP.NET…
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-0602
https://access.redhat.com/errata/RHSA-2020:0130
h…
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-5311
https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
https://access.redhat.com/er…
swagger-ui has XSS in key names
References
https://nvd.nist.gov/vuln/detail/CVE-2016-1000229
https://access.redhat.com/errata/RHSA-2017:0868
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229
https://github.com/advisories/GHSA-h8wp-wgcq-qhrf
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
References
https://nvd.nist.gov/vu…
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby an…
