1409 matches found

Positive Technologies
added 2021/01/13 12:0 a.m. · 4 views

PT-2021-14655 · Jenkins · Jenkins Tracetronic Ecu-Test Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TraceTronic ECU-TEST Plugin versions 2.23.1 and earlier
Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with access to the...

CVSS 5.5 · AI score 5.2 · EPSS 0.00011
Exploits: 0 · References: 6

CNVD
added 2021/01/12 12:0 a.m. · 2 views

Ethereum Aleth Denial of Service Vulnerability

Ethereum Aleth is a C++-based client application from the Ethereum community that supports the Ethereum protocol. A denial of service vulnerability exists in Aleth Ethereum C++ client version =1.8.0, which originates in the config.json file and may result in a denial of service. No details of the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00255
Exploits: 1 · References: 1

CNNVD
added 2021/01/11 12:0 a.m. · 2 views

Ethereum Aleth Buffer Error Vulnerability

Ethereum Aleth is a C++-based client application from the Ethereum community that supports the Ethereum protocol. A denial of service vulnerability exists in Aleth Ethereum C++ client version =1.8.0, which originates in the config.json file and may result in a denial of service. No details of the...

CVSS 5.5 · AI score 6 · EPSS 0.00255
Exploits: 1 · References: 4

CNNVD
added 2021/01/05 12:0 a.m. · 3 views

Multiple Veritas Product Security Vulnerabilities

Veritas Infoscale and others are products of Veritas, Inc. Veritas Infoscale is a highly available virtualized storage software. Veritas Foundation For Windows is a backup, storage management software. Veritas Foundation HA For Veritas Foundation HA For Windows is a backup, storage management...

CVSS 9.3 · AI score 7.3 · EPSS 0.00049
Exploits: 0 · References: 2

NVD
added 2020/12/10 11:15 p.m. · 10 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

CVSS 10 · AI score 9.8 · EPSS 0.0853
Exploits: 1 · References: 3

OSV
added 2020/12/10 11:15 p.m. · 2 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

CVSS 9.8 · AI score 7.4 · EPSS 0.0853
Exploits: 1 · References: 3

Prion
added 2020/12/10 11:15 p.m. · 11 views

Command injection

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

CVSS 10 · AI score 9.7 · EPSS 0.0853
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2020/12/10 9:38 p.m. · 15 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

AI score 9.8 · EPSS 0.0853
Exploits: 1 · References: 3

OSV
added 2020/12/07 10:15 p.m. · 20 views

CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVSS 5.5 · AI score 6.5
Exploits: 0 · References: 3

UbuntuCve
added 2020/12/07 10:15 p.m. · 29 views

CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVSS 5.5 · AI score 6.8 · EPSS 0.00042
Exploits: 0 · References: 4

RedHat Linux
added 2020/11/04 1:16 a.m. · 3 views

frr: default permission issue eases information leaks

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

CVSS 5.3 · AI score 6 · EPSS 0.00277
Exploits: 1 · References: 4

Positive Technologies
added 2020/10/21 12:0 a.m. · 2 views

PT-2020-4466 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified
Description: A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the...

CVSS 8.2 · AI score 7.2 · EPSS 0.00031
Exploits: 0 · References: 3

Tenable Nessus
added 2020/10/19 12:0 a.m. · 15 views

openSUSE Security Update : crmsh (openSUSE-2020-1678)

This update for crmsh fixes the following issues:
- Fixed startdelay with start-delay (bsc1176569)
- fix onfail should be on-fail (bsc1176569)
- config: Try to handle configparser.MissingSectionHeaderError while reading config file
- uiconfigure: Obscure sensitive data by default (bsc1163581)

This update...

AI score 5.5
Exploits: 0 · References: 2

Tenable Nessus
added 2020/10/19 12:0 a.m. · 12 views

openSUSE Security Update : crmsh (openSUSE-2020-1688)

This update for crmsh fixes the following issues:
- Fixed startdelay with start-delay (bsc1176569)
- fix onfail should be on-fail (bsc1176569)
- config: Try to handle configparser.MissingSectionHeaderError while reading config file
- uiconfigure: Obscure sensitive data by default (bsc1163581)

This update...

AI score 5.5
Exploits: 0 · References: 2

OSV
added 2020/10/14 2:37 p.m. · 2 views

SUSE-SU-2020:2928-1 Security update for crmsh

This update for crmsh fixes the following issues:
- Fixed startdelay with start-delay (bsc1176569)
- fix onfail should be on-fail (bsc1176569)
- config: Try to handle configparser.MissingSectionHeaderError while reading config file
- uiconfigure: Obscure sensitive data by default (bsc1163581)...

AI score 7
Exploits: 0 · References: 3

Positive Technologies
added 2020/10/08 12:0 a.m. · 2 views

PT-2020-15527 · Jenkins · Jenkins Sms Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SMS Notification Plugin versions 1.2 and earlier
Description: The issue concerns the storage of an access token in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the file...

CVSS 3.3 · AI score 3.7 · EPSS 0.0001
Exploits: 0 · References: 6

Oracle linux
added 2020/10/06 12:0 a.m. · 63 views

libvpx security update

1.3.0-8 - Fix for CVE-2020-0034 - Resolves: rhbz1823909
1.3.0-7 - Fix for CVE-2019-9232 and CVE-2019-9433 - Resolves: rhbz1796085, rhbz1796099
1.3.0-6 - Fix for CVE-2017-0393 - Resolves: rhbz1779498
1.3.0-4 - fix Illegal Instruction abort
1.3.0-3 - update library symbol list for 1.3.0 from Debian...

CVSS 10 · AI score 7 · EPSS 0.08121
Exploits: 1

Metasploit
added 2020/09/28 5:40 p.m. · 19 views

VyOS Configuration Importer

This module imports a VyOS device configuration. Module Options msf use auxiliary/admin/networking/vyosconfig msf auxiliaryvyosconfig show actions ...actions... msf auxiliaryvyosconfig set ACTION msf auxiliaryvyosconfig show options ...show and set options... msf auxiliaryvyosconfig run This modu...

AI score 7.1
Exploits: 0

Cvelist
added 2020/09/23 3:33 p.m. · 11 views

CVE-2020-5781

In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...

AI score 4.8 · EPSS 0.00299
Exploits: 1 · References: 1

Veracode
added 2020/09/05 1:17 a.m. · 20 views

Arbitrary Code Execution

pcp is vulnerable to arbitrary code execution. A user is able to run code as root by including OS commands in /var/log/pcp/configs.sh...

CVSS 8.4 · AI score 3.8 · EPSS 0.00118
Exploits: 1 · References: 3 · Affected Software: 1