The vulnerability of the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package on the SUSE Linux Enterprise operating system allows a hacker to gain increased privileges.
The vulnerability of the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package in the SUSE Linux Enterprise operating system is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...
CloudBees Jenkins Link Column Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A security vulnerability exists in...
CVE-2020-2218
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2212
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration...
Design/Logic Flaw
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission config.xml, or access to the master file system...
Design/Logic Flaw
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
PT-2020-15434 · Jenkins · Jenkins Hp Alm Quality Center Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins HP ALM Quality Center Plugin versions 1.6 and earlier Description: The issue concerns the storage of a password in plain text in the global configuration file, specifically in...
PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...
CVE-2019-19160
Reportexpress ProPlus contains a vulnerability that could allow arbitrary code execution by inserting VBScript into the configure file (rxp)...
CVE-2019-19160
CVE-2019-19160 affects Capsoft Reportexpress ProPlus (Web reporting solution). The connected sources confirm a vulnerability that could allow arbitrary code execution by inserting VBScript into the configure file (rxp). Reported root cause involves a lack of integrity validation in Reportexpress ...
CVE-2020-8022 User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...
Design/Logic Flaw
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...
CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Mitigation: This flaw can be mitigated by limiting network scanner discover...
CVE-2020-12862
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Mitigation: This flaw can be mitigated by limiting network scanner discover...
CVE-2020-12861
A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the epsonds_net_read function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: This flaw can b...
CVE-2020-14976
GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context...