7912 matches found

OpenVAS
added 2015/12/21 12:0 a.m. | 41 views

Jenkins Multiple Vulnerabilities (Oct 2014) - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

CVSS 7.5 | AI score 8.9 | EPSS 0.87099
Exploits 0 | References 7

Prion
added 2015/12/03 3:59 a.m. | 15 views

Code injection

Cisco IOS XE 15.43S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130...

CVSS 7.2 | AI score 7 | EPSS 0.00088
Exploits 1 | References 4 | Affected Software 1

NVD
added 2015/12/03 3:59 a.m. | 14 views

CVE-2015-6383

Cisco IOS XE 15.43S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130...

CVSS 7.2 | AI score 6.4 | EPSS 0.00088
Exploits 1 | References 4

OpenVAS
added 2015/12/01 12:0 a.m. | 50 views

Cisco ASR 1000 Series Root Shell License Bypass Vulnerability

A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers ASR 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be...

CVSS 7.2 | AI score 6.7 | EPSS 0.00088
Exploits 1 | References 1

CentOS
added 2015/11/30 7:46 p.m. | 61 views

pacemaker security update

CentOS Errata and Security Advisory CESA-2015:2383 Updated pacemaker packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

CVSS 7.5 | AI score 7.3 | EPSS 0.00714
Exploits 0 | References 7

NVD
added 2015/11/25 8:59 p.m. | 18 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

CVSS 9.8 | AI score 9.6 | EPSS 0.86333
Exploits 12 | References 12

NVD
added 2015/11/25 8:59 p.m. | 12 views

CVE-2015-5319

XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 3

UbuntuCve
added 2015/11/25 8:59 p.m. | 27 views

CVE-2015-5321

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVSS 5 | AI score 7.2 | EPSS 0.00121
Exploits 0 | References 2

UbuntuCve
added 2015/11/25 8:59 p.m. | 72 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

CVSS 9.8 | AI score 7.6 | EPSS 0.86333
Exploits 12 | References 2

UbuntuCve
added 2015/11/25 8:59 p.m. | 22 views

CVE-2015-5319

XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 7.2 | EPSS 0.00183
Exploits 0 | References 2

Prion
added 2015/11/25 8:59 p.m. | 17 views

Information disclosure

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVSS 5 | AI score 6.5 | EPSS 0.00121
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2015/11/25 8:0 p.m. | 29 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

AI score 9.5 | EPSS 0.86333
Exploits 12 | References 12

CVE
added 2015/11/25 8:0 p.m. | 82 views

CVE-2015-5321

CVE-2015-5321 affects Jenkins, enabling information disclosure via the sidepanel widgets in the CLI command overview and help pages. The root cause is an information leakage vulnerability exposed by direct requests to those pages, allowing remote attackers to obtain sensitive data. Affected versi...

CVSS 5 | AI score 8.1 | EPSS 0.00121
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2015/11/22 12:0 a.m. | 3 views

Multiple Huawei eSpace switch denial of service vulnerabilities

Huawei eSpace U1910, eSpace U1911, eSpace U1930, eSpace U1960, eSpace U1980, and eSpace U1981 are eSpace U1900 series switch products from Huawei, China. A security vulnerability exists in the exception handling mechanism in the CLI Module of several Huawei eSpace switches, which allows remote...

CVSS 5 | AI score 6.9 | EPSS 0.00219
Exploits 0 | References 1

NVD
added 2015/11/19 8:59 p.m. | 11 views

CVE-2015-7845

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service CLI outage via crafted SSH packets...

CVSS 5 | AI score 6.6 | EPSS 0.00219
Exploits 0 | References 1

CVE
added 2015/11/19 2:0 a.m. | 52 views

CVE-2015-6370

The CVE-2015-6370 entry describes a local command-injection vulnerability in the Management I/O (MIO) CLI of Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. The root cause is insufficient sanitization of user-supplied input in the CLI, allowing an authenticated l...

CVSS 7.2 | AI score 7.5 | EPSS 0.00317
Exploits 0 | References 1 | Affected Software 1

Cisco
added 2015/11/17 12:0 a.m. | 35 views

Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability

A vulnerability in the Management I/O MIO command-line interface CLI command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level. The vulnerability is due to insufficient...

CVSS 4.3 | AI score 7 | EPSS 0.00317
Exploits 0 | References 1

Fedora
added 2015/11/16 3:24 a.m. | 8 views

[SECURITY] Fedora 22 Update: telegram-cli-1.3.1-7.20150730git2052f4.fc22

Telegram is an Open Source instant messaging platform for mobile and desktop focused on privacy. This is a Linux Command-line interface for Telegram...

AI score 2
Exploits 0

Fedora
added 2015/11/16 12:25 a.m. | 7 views

[SECURITY] Fedora 23 Update: telegram-cli-1.3.1-7.20150730git2052f4.fc23

Telegram is an Open Source instant messaging platform for mobile and desktop focused on privacy. This is a Linux Command-line interface for Telegram...

AI score 2
Exploits 0

OpenVAS
added 2015/11/16 12:0 a.m. | 11 views

Fedora Update for telegram-cli FEDORA-2015-69133

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2