52 matches found
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the protection of metadata, virtual environments, and other environmental data backups. A security...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the backup protection of metadata, virtual environments and other environmental data. A security...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the backup protection of metadata, virtual environments and other environmental data. A security...
Rockwell Automation FactoryTalk AssetCentre 代码问题漏洞
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. A security vulnerability exists in Rockwell Automation FactoryTalk...
PYSEC-2021-50
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2020-36163
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under...
Salt Bugs Allow Full RCE as Root on Cloud Servers
The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...
PT-2019-11843 · Jenkins · Jenkins Fortify On Demand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...
jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424)
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...
CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...
FreeBSD : powerdns -- multiple vulnerabilities (1c21f6a3-9415-11e9-95ec-6805ca2fa271)
PowerDNS Team reports : CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit wh...
PT-2019-11343 · Jenkins · Jenkins Hockeyapp Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins HockeyApp Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users who have...
GHSA-G89M-3WJW-H857 Puppet vulnerable to Path Traversal
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...
Puppet vulnerable to Path Traversal
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...
CVE-2017-11318
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events...
Amazon Linux AMI : puppet (ALAS-2012-135)
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...
AIX 6.1 TL 1 : bind (IZ56316)
AIX 'named' is an implementation of BIND Berkeley Internet Name Domain providing server functionality for the Domain Name System DNS Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...
DEBIAN-CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...
Design/Logic Flaw
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...