openSUSE Security Update : dnsmasq (openSUSE-2019-2669)
This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation...
SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2019:3188-1)
This update for dnsmasq fixes the following issues: Security issues fixed: CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation bsc1154849 CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing...
SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2019:3189-1)
This update for dnsmasq fixes the following issues: Security issues fixed: CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation bsc1154849 CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing...
SUSE-SU-2019:3188-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processi...
Design/Logic Flaw
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16544
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Protect
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private keys of the system's built-in local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up...
CVE-2019-14927
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames,...
CVE-2019-10443
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Gather GRUB Password
This module gathers GRUB passwords from GRUB bootloader config files. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather GRUB Password', 'Description' = %q This module gathers GRUB password...
PT-2019-11834 · Jenkins · Jenkins Neoload Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeoLoad Plugin versions 2.2.5 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins master. This allows users with...
CVE-2019-10433
Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11810 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the Violation Comments to GitLab Plugin stored API tokens unencrypted in j...
Directory traversal
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Scriptview page. This will result in file disclosure i.e., being able to pull any file from the remote victim application. This can be used to steal and...
BlackArch Linux v2019.09.01 - Penetration Testing Distribution
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 2336 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 150 new tools added...
[SECURITY] Fedora 30 Update: kde-settings-30.3-1.fc30
Config files for kde...