284 matches found
CVE-2020-2278
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
CVE-2020-2277
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...
CVE-2020-2277
Summary: CVE-2020-2277 affects Jenkins Storable Configs Plugin 1.0 and earlier. It allows users with Job/Read permission to read arbitrary files on the Jenkins controller. The issue is documented across multiple sources, and the remediation guidance is to upgrade to a version later than 1.0....
PT-2020-15506 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin version 1.0 and earlier Description: The issue allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Recommendations: For Jenkins Storable Configs Plugin version 1.0 and...
PT-2020-15507 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content, due to the lack of...
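Both Storable Configs entries above describe the same flaw class: a user-supplied file name is joined onto a directory on the controller without being confined to it, so a name containing path separators or `..` reaches any `.xml` file the Jenkins process can write or read. The following is an added example, not the plugin's own code, showing the unconfined join beside a hardened resolver that rejects multi-component names and verifies, after symlink resolution, that the target still lives directly inside the job directory. The base directory `/var/lib/jenkins/jobs/demo` and all input names are constructed for illustration.

```python
import os


class UnsafeFileName(ValueError):
    """Raised when a user-supplied name would escape the allowed directory."""


def vulnerable_target(base_dir: str, user_name: str) -> str:
    """Flawed pattern (illustrative): join the name as-is.

    A name such as "../../config.xml" normalises to a path two levels above
    base_dir, which is how a job-scoped write reaches any other .xml file.
    """
    return os.path.normpath(os.path.join(base_dir, user_name))


def resolve_config_target(base_dir: str, user_name: str) -> str:
    """Hardened resolver: return the absolute target path or raise.

    Rules applied, in order:
      1. the name must be non-empty and not "." or "..";
      2. it must be a single path component (no "/", "\\" or NUL);
      3. it must end in ".xml";
      4. after resolving symlinks, its parent must be exactly base_dir,
         so a symlink planted inside the job directory cannot redirect
         the write elsewhere.
    """
    if not user_name or user_name in (".", ".."):
        raise UnsafeFileName("empty or dot name")
    if any(ch in user_name for ch in ("/", "\\", "\x00")):
        raise UnsafeFileName("path separators or NUL are not allowed")
    if not user_name.endswith(".xml"):
        raise UnsafeFileName("only .xml names are accepted")

    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    if os.path.dirname(target) != base:
        raise UnsafeFileName("target escapes the job directory")
    return target


def name_is_allowed(base_dir: str, user_name: str) -> bool:
    """Convenience wrapper: True if the hardened resolver accepts the name."""
    try:
        resolve_config_target(base_dir, user_name)
        return True
    except UnsafeFileName:
        return False


def demo(base_dir: str = "/var/lib/jenkins/jobs/demo") -> dict:
    """Run both resolvers over constructed attacker-style names."""
    names = ["config.xml", "../../config.xml", "../other-job/config.xml",
             "credentials.xml\x00.xml", "notes.txt"]
    return {
        n: {"vulnerable_path": vulnerable_target(base_dir, n),
            "hardened_accepts": name_is_allowed(base_dir, n)}
        for n in names
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), outcome)
```

The single-component rule is the important one: once the name cannot contain a separator, traversal is impossible lexically, and the `realpath` parent check closes the remaining symlink case. Restricting the extension alone (as the advisory's wording about `.xml` files suggests the plugin did) does not help, because `../../config.xml` still ends in `.xml`.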
CVE-2020-12422
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...
PT-2020-15339 · Jenkins · Jenkins Harvest Scm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Harvest SCM Plugin versions 0.5.1 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner within the global configuration file on the Jenkins master. This allows users with access to the master fi...
DEBIAN-CVE-2020-5212
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users...
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:1824-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DEBIAN-CVE-2019-19905
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files...
openSUSE Security Update : rmt-server (openSUSE-2019-1824)
This update for rmt-server to version 2.3.1 fixes the following issues : - Fix mirroring logic when errors are encountered bsc#1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc#1132690 - Add rmt-server-config subpackag...
OPENSUSE-SU-2019:1824-1 Security update for rmt-server
This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered bsc#1140492 - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring bsc#1132690 - Add rmt-server-config subpackage...
Security update for rmt-server (important)
openSUSE Security Update: Security update for rmt-server Announcement ID: openSUSE-SU-2019:1824-1 Rating: important References: 1128858 1129271 1129392 1132160 1132690 1134190 1134428 1135222 1136020 1136081 1138316 1140492 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: openSUS...
Cross-Site Scripting (XSS)
web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options and CSRF protections in the oauth/token/request endpoint, could allow a remote attacker to retrieve a token for CLI usage when using non-default configs...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1973-1)
This update for rmt-server to version 2.3.1 fixes the following issues : Fix mirroring logic when errors are encountered bsc#1140492 Refactor RMT::Mirror to download metadata/licenses in parallel Check repo metadata GPG signatures during mirroring bsc#1132690 Add rmt-server-config subpackage with...
BaserCMS Arbitrary PHP Code Execution Vulnerability
baserCMS is an enterprise CMS. An arbitrary PHP code execution vulnerability exists in lib\Baser\Model\ThemeConfig.php in baserCMS before 4.1.4, which can be exploited by remote attackers to execute arbitrary PHP code via the admin/themeconfigs/form data[ThemeConfig][logo] parameter. code...
CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/themeconfigs/form data[ThemeConfig][logo] parameter...
PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 Background: Because exploitation requires super-administrator privileges in a default installation, the vulnerability itself is of little practical value, but the same pattern probably exists in other CMSes, so this post mainly shares the bug-hunting approach. PS: using the test environment...
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
SearchBlox File Exfiltration Denial of Service Vulnerability
SearchBlox is a free, open-source, Lucene-based full-text search engine toolkit for building enterprise search and analytics solutions. A security vulnerability exists in SearchBlox that allows remote attackers to overwrite configuration files, add or remove...