
5578 matches found

BDU FSTEC
added 2019/07/16 12:0 a.m., 3 views

The vulnerability of the Jenkins Pipeline Remote Loader plugin, related to defects in the data protection mechanism, allows attackers to circumvent sandbox restrictions.

The vulnerability of the Jenkins Pipeline Remote Loader plugin is related to deficiencies in data protection mechanisms. Exploiting this vulnerability allows a malicious actor to bypass sandbox restrictions and execute arbitrary methods remotely...

CVSS 9.9, AI score 5.8, EPSS 0.01922
Exploits 0, References 4, Affected Software 2
NVD
added 2019/07/15 2:15 p.m., 18 views

CVE-2019-1010039

uLaunchELF commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program loader.c overly trusts the arguments provided via command line...

CVSS 9.8, AI score 9.6, EPSS 0.02258
Exploits 0, References 1
OSV
added 2019/07/15 2:15 p.m., 13 views

CVE-2019-1010039

uLaunchELF commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program loader.c overly trusts the arguments provided via command line...

CVSS 9.8, AI score 7.5
Exploits 0, References 1
Prion
added 2019/07/15 2:15 p.m., 15 views

Buffer overflow

uLaunchELF commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program loader.c overly trusts the arguments provided via command line...

CVSS 7.5, AI score 9.6, EPSS 0.02258
Exploits 0, References 1, Affected Software 1
CVE
added 2019/07/15 1:1 p.m., 44 views

CVE-2019-1010039

The CVE-2019-1010039 entry affects uLaunchELF before commit 170827a, in the loader program (loader.c) where command-line arguments are overly trusted, leading to a buffer overflow. This vulnerability can cause code execution and Denial of Service. Documents consistently describe a buffer overflow...

CVSS 9.8, AI score 9.6, EPSS 0.02258
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/07/15 1:1 p.m., 20 views

CVE-2019-1010039

uLaunchELF commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program loader.c overly trusts the arguments provided via command line...

AI score 9.7, EPSS 0.02258
Exploits 0, References 1
Veracode
added 2019/07/08 12:6 a.m., 25 views

Sandbox Restrictions Bypass

Jenkins Pipeline Remote Loader Plugin is vulnerable to a sandbox restrictions bypass. A remote authenticated attacker can bypass security restrictions, caused by an unsafe whitelist entry issue, by sending a specially-crafted request...

CVSS 9.9, AI score 8.9, EPSS 0.02111
Exploits 0, References 72, Affected Software 72
OSV
added 2019/07/03 7:15 p.m., 2 views

DEBIAN-CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

CVSS 8.8, AI score 8, EPSS 0.04043
Exploits 1, References 1
RedHat Linux
added 2019/07/03 11:56 a.m., 6 views

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.9, AI score 6.8, EPSS 0.01922
Exploits 0, References 5
OSV
added 2019/07/02 8:15 p.m., 1 views

CVE-2019-10975

An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system...

CVSS 6.6, AI score 6.5, EPSS 0.00593
Exploits 0, References 4
Prion
added 2019/07/02 8:15 p.m., 15 views

Cross site scripting

An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system...

CVSS 3.3, AI score 6.4, EPSS 0.00593
Exploits 0, References 4, Affected Software 1
CVE
added 2019/07/02 7:15 p.m., 178 views

CVE-2019-10975

CVE-2019-10975 is an out-of-bounds read vulnerability in Fuji Electric Alpha7 PC Loader, affecting Versions 1.1 and prior. The issue may cause a system crash. The ZDI advisory describes a read-past-the-end in A7P file parsing, with exploitation depending on user interaction; ICS-CERT notes the ...

CVSS 6.6, AI score 6.3, EPSS 0.00593
Exploits 0, References 4, Affected Software 1
Cvelist
added 2019/07/02 7:15 p.m., 26 views

CVE-2019-10975

An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system...

AI score 6.4, EPSS 0.00593
Exploits 0, References 4
Talos Blog
added 2019/07/02 3:56 p.m., 423 views

RATs and stealers rush through “Heaven’s Gate” with new loader

By Holger Unterbrink and Edmund Brumaghin. Executive summary: Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar fo...

CVSS 9.3, AI score 8.2, EPSS 0.99945
Exploits 33
RedHat Linux
added 2019/06/26 9:9 a.m., 0 views

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.9, AI score 6.7, EPSS 0.01922
Exploits 0, References 5
BDU FSTEC
added 2019/06/06 12:0 a.m., 3 views

The vulnerability of the Intel Dynamic Application Loader subsystem of the Intel Converged Security and Manageability Engine allows an attacker to escalate their privileges.

The vulnerability of the Intel Dynamic Application Loader (DAL) subsystem of the Intel Converged Security and Manageability Engine (CSME) is related to a buffer overflow. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 8.2, AI score 7.1, EPSS 0.00413
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2019/06/06 12:0 a.m., 3 views

The vulnerability of the Dynamic Application Loader component of the Intel Converged Security and Manageability Engine and the Intel Trusted Execution Engine allows attackers to escalate their privileges.

The vulnerability of the Dynamic Application Loader component of the Intel Converged Security and Manageability Engine and the Intel Trusted Execution Engine is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00358
Exploits 0, References 3, Affected Software 2
Prion
added 2019/05/31 3:29 p.m., 23 views

Code injection

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS 6.5, AI score 9.5, EPSS 0.01922
Exploits 0, References 5, Affected Software 1
NVD
added 2019/05/31 3:29 p.m., 32 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS 9.9, AI score 9.6, EPSS 0.01922
Exploits 0, References 5
OSV
added 2019/05/31 3:29 p.m., 22 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS 9.9, AI score 6.9
Exploits 0, References 5