4651 matches found
CVE-2020-2130
CVE-2020-2130 concerns the Jenkins Harvest SCM Plugin (versions ≤ 0.5.1), where passwords are stored unencrypted in the Jenkins master configuration. The vulnerability, documented across multiple sources (GHSA and OSV/NVD records), states that credentials are kept in plaintext in the global confi...
CVE-2020-2129
CVE-2020-2129 affects Jenkins Eagle Tester Plugin versions 1.0.9 and earlier. The vulnerability arises from storing a password unencrypted in the plugin’s global configuration file on the Jenkins master, enabling access by users with master-file-system access. The connected sources corroborate th...
CVE-2020-2125
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2125
The CVE-2020-2125 issue affects Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier. The vulnerability is that the plugin stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master/controller, specifically ru.yandex.jenkins.plugins.debuilder.DebianPac...
CVE-2020-2124
CVE-2020-2124 affects Jenkins Dynamic Extended Choice Parameter Plugin (versions ≤ 1.0.1). The vulnerability: passwords are stored unencrypted in job config.xml files on the Jenkins master, allowing access by users with Extended Read permission or master FS access. Impact is exposure of stored cr...
PT-2020-15338 · Jenkins · Jenkins Eagle Tester Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Eagle Tester Plugin versions 1.0.9 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins master. This allows users with access to the master file...
CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences...
Authorization
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences...
Command injection
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian...
DEBIAN-CVE-2020-5211
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...
CVE-2020-5211
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...
CVE-2020-5213
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to...
Privilege escalation
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own...
CVE-2020-5212
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users...
UBUNTU-CVE-2020-5212
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users...
CVE-2020-5211 NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...
CVE-2020-5211
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...
CVE-2020-5212 NetHack MENUCOLOR configuration file option is subject to a buffer overflow
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users...
CVE-2020-5214 NetHack error recovery after syntax error in configuration file is subject to a buffer overflow
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own...
SUSE SLED15 / SLES15 Security Update : slurm (SUSE-SU-2020:0228-1)
This update for slurm fixes the following issues : CVE-2019-19727: Fix permissions of configuration file 'slurmdbd.conf' bsc1155784. Fix ownership of /var/spool/slurm on new installations and upgrade bsc1158696. Fix '%posttrans' macro to cope with added newline bsc1153259. Note that Tenable Netwo...