2678 matches found
CVE-2020-3626
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920,...
Beijing Tianying Jiuzhou Network Technology Co., Ltd. Flip Novel APP logic flaw vulnerability
Flip Novel App is a reading app that allows you to read original novels. The Flip Novel APP from Beijing Tianying Jiuzhou Network Technology Co., Ltd. has a logic flaw vulnerability. Attackers can use the vulnerability to arbitrarily bind other people's cell phone numbers that are not bound to the APP and...
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
FasterXML jackson-databind code issue vulnerability (CNVD-2020-53535)
FasterXML Jackson is a data processing tool for Java from the U.S. company FasterXML. jackson-databind is one of its components, providing data binding capabilities. A security vulnerability exists in FasterXML jackson-databind version 2.x prior to 2.9.10.5. No detailed vulnerability details are provided at...
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
Unspecified Vulnerability in CloudBees Jenkins Credentials Binding Plugin (CNVD-2020-33749)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jenkins Credentials Binding Plugin is used in...
Unspecified Vulnerability in CloudBees Jenkins Credentials Binding Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jenkins Credentials Binding Plugin is used in...
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
Hardcoded credentials
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
CVE-2020-2182
CVE-2020-2182 affects Jenkins Credentials Binding Plugin up to version 1.22. The root issue is improper masking of secrets containing a dollar sign: after escaping $ to $$ (to prevent premature expansion), the escaped form was not masked in some cases (e.g., certain build steps). The advisory ind...
CVE-2020-2181
CVE-2020-2181 affects Jenkins Credentials Binding Plugin (versions 1.22 and earlier) where secrets are not masked in build logs when a build contains no build steps. This is documented in a GHSA advisory for Jenkins Credentials Binding Plugin and reflected in Red Hat advisories linking CVE-2020-2...
PT-2020-15394 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.22 and earlier Description: The issue concerns the Jenkins Credentials Binding Plugin, where secrets are not masked in the build log when the build contains no build steps. This affects the securi...
PT-2020-15395 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.22 and earlier Description: The issue concerns the masking of secrets in the Jenkins Credentials Binding Plugin. Secrets containing a $ character are not properly masked in certain circumstances,...
CVE-2019-10608
An information disclosure issue occurs because there is no binding between the secure keypad session and the secure display session, which allows a user to take control of the REE to stop the secure keypad session and read the keypad input, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...
istio/envoy: mishandling regular expressions for long URIs leading to DoS
A flaw was found in Istio in versions prior to 1.1.13 and 1.2.4. Regular expressions for long URIs are mishandled leading to a denial of service during the use of JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. The highest threat from this vulnerability is to system availability...
CVE-2020-5242
openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...