4651 matches found
SUSE-SU-2020:0228-1 Security update for slurm
This update for slurm fixes the following issues: - CVE-2019-19727: Fix permissions of configuration file 'slurmdbd.conf' bsc1155784. - Fix ownership of /var/spool/slurm on new installations and upgrade bsc1158696. - Fix '%posttrans' macro to cope with added newline bsc1153259...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
Code injection
A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...
CVE-2019-10934
Siemens TIA Portal path traversal vulnerability (CVE-2019-10934) affects TIA Portal V14 (all), V15 (all before V15.1 Update 7), V16 (all before V16 Update 6), and V17 (all before V17 Update 4). Changing a configuration file could allow an attacker with a valid account and limited rights to execut...
CVE-2019-10934
A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...
Siemens TIA Portal (Update F)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal Update E that was published June...
MGASA-2019-0418 Updated clamav packages fix security issue
The updated packages fix an issue: Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. rhbz1733112...
curl: Heap Buffer Overflow (READ of size 1) in ourWriteOut
Summary: Whilst fuzzing the curl command line tool built from commit 779b415 with AFL, ASAN and libdislocator, a heap buffer overflow was triggered when a crafted curl configuration file was loaded. Steps To Reproduce: echo "LXdAAAou" | base64 -d > test0070.conf ./curl -q -K test0070.conf...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16556
Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16572
CVE-2019-16572 affects Jenkins Weibo Plugin versions 1.0.1 and earlier. Root cause: credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling access by users with master file-system access. Consequences stated across connected sources include exp...
CVE-2019-16556
The vulnerability CVE-2019-16556 affects the Jenkins Rundeck Plugin (versions 3.6.5 and earlier). The underlying issue is that credentials are stored in plaintext in the plugin’s global configuration file and in job config.xml files on the Jenkins master. This allows viewing by users with Extende...
CVE-2014-0241
rubygem-hammercliforeman: File /etc/hammer/cli.modules.d/foreman.yml world readable...
ELOG < 3.1.4-283534d Multiple Vulnerabilities - Active Check
ELOG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elogproject:elog"; if(description)...
Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...
CVE-2019-19018
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...
CVE-2019-16543
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16543
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...