24 matches found
CVE-2020-2101
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...
CVE-2020-2099
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...
NetworkManager: Race condition allowing info leak
A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys...
RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0050)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0050 advisory. - TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol SLOTH CVE-2015-7575 - OpenJDK: URL deserialization inconsistencie...