Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. The specific flaw exists within the processing of Virtual Metrics. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. The specific flaw exists within the GetPopupSubQueryDetails endpoint.
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.
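The Jenkins Readonly Parameter entry above describes the classic stored-XSS pattern: a string an attacker with configure rights can save (a parameter name or description) is later written into a parameters view without escaping. The following is an added example, not code from the plugin or from Jenkins, showing the vulnerable rendering next to the fixed one. The parameter rows, the table layout and the payloads are constructed for the illustration; the fix escapes both element content and attribute values, since the description ends up in both places.

```python
import html

# Constructed sample parameter definitions. The second one holds the kind
# of payload an attacker with Item/Configure permission could store as a
# parameter's name and description (not taken from any real job).
PARAMETERS = [
    {"name": "BUILD_TARGET", "description": "Target platform for this build"},
    {"name": '<img src=x onerror="alert(document.cookie)">',
     "description": '" onmouseover="alert(1)'},
]


def render_row_unescaped(param):
    """Vulnerable rendering: name and description are interpolated into the
    HTML as-is, so markup stored by the attacker becomes live markup, and a
    quote in the description closes the title attribute early."""
    return ('<tr><td title="{d}">{n}</td><td>{d}</td></tr>'
            .format(n=param["name"], d=param["description"]))


def render_row_escaped(param):
    """Fixed rendering: escape for both element content and attribute
    values. html.escape(quote=True) also converts '"' and "'" to entities,
    which is what keeps the description inside the title attribute."""
    name = html.escape(param["name"], quote=True)
    desc = html.escape(param["description"], quote=True)
    return f'<tr><td title="{desc}">{name}</td><td>{desc}</td></tr>'


def render_view(params, escape=True):
    """Render the whole parameters table with either rendering function."""
    row = render_row_escaped if escape else render_row_unescaped
    return "<table>" + "".join(row(p) for p in params) + "</table>"


def contains_live_markup(rendered):
    """Crude detector for this demo: did a stored string manage to inject a
    tag or an event-handler attribute into the output?"""
    return "<img" in rendered or 'onmouseover="' in rendered


if __name__ == "__main__":
    print(render_view(PARAMETERS, escape=False))  # payload is live markup
    print(render_view(PARAMETERS, escape=True))   # payload shown as text
```

Escaping at render time is the right layer: the stored value stays as the user typed it, and every view that displays it (parameter tables, build pages, API consumers that re-render HTML) gets the same protection.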
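The Centreon poller-resources entry above attributes the flaw to a user-supplied string being used to construct SQL queries without validation. The following is an added example, not Centreon's code or schema, that reproduces that pattern against an in-memory SQLite database: a lookup built by string concatenation beside the same lookup with a bound parameter. Table names (poller_resources, users), columns and rows are invented sample data; the payload shows how a single quote lets the attacker append a UNION that reads credentials from an unrelated table, the kind of read or write a monitoring backend must not expose to an authenticated low-privilege user.

```python
import sqlite3


def make_db():
    """Build an in-memory database standing in for a monitoring backend.
    Table and column names are invented for this example, not Centreon's
    schema; all rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE poller_resources (
            id INTEGER PRIMARY KEY, name TEXT, value TEXT);
        CREATE TABLE users (
            id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT, is_admin INTEGER);
        INSERT INTO poller_resources (name, value) VALUES
            ('$USER1$', '/usr/lib/nagios/plugins'),
            ('$CENTREONPLUGINS$', '/usr/lib/centreon/plugins');
        INSERT INTO users (login, password_hash, is_admin) VALUES
            ('admin', '$2y$10$adminhashadminhashadminhash', 1),
            ('operator', '$2y$10$operatorhashoperatorhash', 0);
    """)
    return conn


def lookup_resource_vulnerable(conn, name):
    """Builds the query by concatenation: the user-supplied name is never
    validated, so a quote character changes the structure of the query."""
    sql = "SELECT name, value FROM poller_resources WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_resource_fixed(conn, name):
    """Same lookup with a bound parameter; the driver passes the name as
    data, so the injection payload simply matches no row."""
    sql = "SELECT name, value FROM poller_resources WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION that pulls
# credentials out of the users table, and comments out the trailing quote.
PAYLOAD = "' UNION SELECT login, password_hash FROM users -- "


if __name__ == "__main__":
    db = make_db()
    print(lookup_resource_vulnerable(db, "$USER1$"))  # the intended lookup
    print(lookup_resource_vulnerable(db, PAYLOAD))    # leaks users rows
    print(lookup_resource_fixed(db, PAYLOAD))         # []
```

The fixed version does not try to filter quotes out of the input; it changes how the value reaches the database. Input validation (a resource name is a short token, not arbitrary text) is still worth adding, but as a second layer, not as the thing the query's integrity depends on.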
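The pyenv entry above describes a relative path traversal: the version string read from .python-version is joined into a path under the versions directory with no check that it names an installed version. The following is an added example, not pyenv's own shim logic, that reproduces the resolution step in Python and contrasts it with a validated version. It builds a throwaway layout under a temporary directory (an invented PYENV_ROOT with one installed version, an attacker-controlled directory next to it, and a project directory whose .python-version points at that directory); the layout and the malicious version string are constructed for the demonstration.

```python
import os
import tempfile


def resolve_version_unvalidated(pyenv_root, version):
    """Mirrors the flaw: the version string from .python-version is joined
    straight into the interpreter path, so '..' components walk out of the
    versions directory to wherever the attacker chose."""
    return os.path.normpath(os.path.join(pyenv_root, "versions", version, "bin"))


def resolve_version_validated(pyenv_root, version):
    """Hardened resolution: require a plain version name, resolve the real
    path, refuse anything that leaves the versions directory (covers '..'
    and symlinks), and require the version to actually be installed."""
    versions_dir = os.path.realpath(os.path.join(pyenv_root, "versions"))
    if not version or os.sep in version or "\0" in version or version in (".", ".."):
        raise ValueError(f"invalid version string: {version!r}")
    candidate = os.path.realpath(os.path.join(versions_dir, version))
    # Defense in depth: even if the character check above is weakened later,
    # the resolved path must still sit under versions_dir.
    if os.path.commonpath([versions_dir, candidate]) != versions_dir:
        raise ValueError(f"version escapes versions directory: {version!r}")
    if not os.path.isdir(candidate):
        raise ValueError(f"not an installed version: {version!r}")
    return os.path.join(candidate, "bin")


def read_python_version_file(cwd):
    """Read the first line of .python-version in cwd, as a shim would."""
    with open(os.path.join(cwd, ".python-version")) as fh:
        return fh.readline().strip()


def points_to_existing_bin(path):
    """True if the resolved bin directory exists, i.e. the shim would run
    whatever lives there."""
    return os.path.isdir(path)


def setup_layout():
    """Constructed demo layout under one temporary base directory:
      base/pyenv/versions/3.10.4/bin   the only installed version
      base/attacker/bin                attacker-controlled directory
      base/project/.python-version     contains '../../attacker'
    Returns the invented pyenv root, the project directory, and the paths the
    two resolvers are expected to produce."""
    base = tempfile.mkdtemp(prefix="pyenv-demo-")
    root = os.path.join(base, "pyenv")
    os.makedirs(os.path.join(root, "versions", "3.10.4", "bin"))
    os.makedirs(os.path.join(base, "attacker", "bin"))
    cwd = os.path.join(base, "project")
    os.makedirs(cwd)
    with open(os.path.join(cwd, ".python-version"), "w") as fh:
        fh.write("../../attacker\n")   # climbs versions/ -> pyenv/ -> base/
    return {
        "root": root,
        "cwd": cwd,
        "attacker_bin": os.path.normpath(os.path.join(base, "attacker", "bin")),
        "good_bin": os.path.realpath(os.path.join(root, "versions", "3.10.4", "bin")),
    }


if __name__ == "__main__":
    layout = setup_layout()
    version = read_python_version_file(layout["cwd"])
    print("unvalidated:", resolve_version_unvalidated(layout["root"], version))
    try:
        resolve_version_validated(layout["root"], version)
    except ValueError as exc:
        print("validated:  ", exc)
```

The real fix needs the same three ingredients in whatever language the shim is written in: reject version strings that are not plain names, compare the resolved path against the versions directory rather than the raw string, and check that the version is installed before executing anything from its bin directory.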