64 matches found
Security Bulletin: Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798, CVE-2024-12801, CVE-2025-11226,CVE-2026-1225]
Summary Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase CVE-2024-12798, CVE-2024-12801, CVE-2025-11226,CVE-2026-1225 Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to and...
CVE-2019-11215
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...
EUVD-2021-18437
Malware in sbrugna...
EUVD-2001-0699
Malware in sbrugna...
EUVD-2006-5288
Malware in sbrugna...
EUVD-2007-0369
Malware in sbrugna...
EUVD-2019-17224
Malware in sbrugna...
EUVD-1999-1201
Malware in sbrugna...
EUVD-2020-12633
Malware in sbrugna...
EUVD-2021-33101
Malicious code in bioql PyPI...
EUVD-2022-51855
Malicious code in bioql PyPI...
EUVD-2022-30684
Malicious code in bioql PyPI...
EUVD-2024-19392
Malicious code in bioql PyPI...
EUVD-2022-6417
Malicious code in bioql PyPI...
CVE-2013-10036 Beetel Connection Manager NetConfig.ini Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCWBTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler SEH,...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-28924 · Jenkins · Jenkins Kryptowire Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kryptowire Plugin versions 0.2 and earlier Description: The Jenkins Kryptowire Plugin stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins...
PT-2025-28483 · Ivanti · Ivanti Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8 Ivanti Policy Secure versions prior to 22.7R1.5 Description: The issue allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk through CLRF...
CVE-2025-30167
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration...
CVE-2023-41057
hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...