134 matches found
CVE-2021-21634
Jenkins Jabber XMPP notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...
CloudBees Jenkins Blue Ocean Arbitrary File Read Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Blue Ocean plug-in...
CVE-2020-8485 ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...
ABB System 800xA for MOD 300 Privilege License and Access Control Issues Vulnerability
ABB System 800xA for MOD 300 is a distributed control system for MOD 300 from ABB Switzerland. A vulnerability in ABB System 800xA for MOD 300 all versions with privilege permission and access control issues can be exploited by a local attacker to inject data, read or write to the controller or...
PT-2020-6580
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller...
Authentication Bypass Vulnerability in Triconex SIS System
The Triconex SIS system is a modern programmable logic and process controller. An authentication bypass vulnerability exists in the Triconex SIS system, which could be exploited by an unauthorized attacker to gain access to the controller...
UBUNTU-CVE-2019-3887
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...
PT-2019-11364 · Jenkins · Jenkins Hyper.Sh Commons Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Hyper.sh Commons Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically,...
PT-2019-11361 · Jenkins · Jenkins Octopusdeploy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...
Ansible: path traversal in the fetch module
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...
CMS ISWEB Path Traversal Vulnerability
CMS ISWEB is a content management system CMS. A directory traversal vulnerability exists in CMS ISWEB version 3.5.3. An attacker can exploit this vulnerability to download the config.php file and take control of the application...
The vulnerability of the CX-Programmer development environment, related to the reversibility of the password encoding method, allows attackers to obtain the password necessary to access the controller.
The vulnerability of the development environment CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, relates to the reversibility of the password encoding method. Exploiting this vulnerability allows a malicious actor to obtain the passwo...
UCOPIA Wireless Appliance 5.1 (Captive Portal) - Root Remote Code Execution Vulnerability
Exploit for linux platform in category remote exploits Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password...