CVE-2019-16548

CVE-2019-16548 concerns the Jenkins Google Compute Engine Plugin (up to v4.1.1). The vulnerability is a CSRF flaw in ComputeEngineCloud#doProvision that could be abused to provision new agents without proper authorization. Impact is exposure of administrative actions (agent provisioning) via CSRF...

CVE-2019-16548

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...

CVE-2019-16548

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...

CVE-2019-16546

CVE-2019-16546 affects Jenkins Google Compute Engine Plugin 4.1.1 and earlier. The root cause is that the plugin does not verify SSH host keys when connecting agents, which enables a man-in-the-middle (MITM) scenario. Public-facing references in the connected documents confirm this behavior and d...

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

CVE-2019-16547

CVE-2019-16547 affects the Jenkins Google Compute Engine Plugin (versions up to 4.1.1). The issue is missing permission checks on several API endpoints, allowing users with Overall/Read to obtain limited information about the plugin configuration and environment. In practice, the impact is inform...

PT-2019-14703 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: A cross-site request forgery issue exists in the ComputeEngineClouddoProvision function, which could be used to provision new agents. The Google Compute Engine Plugi...

PT-2019-14701 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue allows man-in-the-middle attacks due to the lack of SSH host key verification when connecting agents created by the plugin. This enables potential attacker...

PT-2019-14702 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue is related to missing permission checks in various API endpoints, allowing attackers with Overall/Read permission to obtain limited information about the...

The vulnerability of the Cisco IC3000 Industrial Compute Gateway’s software-hardware protection mechanism, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.

The vulnerability of the Cisco IC3000 Industrial Compute Gateway software and hardware solution is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures by enabling too many simultaneous sessions in the web interface...

CVE-2019-2246

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574,...

CVE-2019-10529

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function setpagedirty in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-10512

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in...

CVE-2019-10495

Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU,...

Stack overflow

Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, ...

Code injection

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in...

Double free

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Memory corruption

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574,...