Security Bulletin: CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.

Summary CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a...

Security Bulletin: CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function

Summary CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function, may cause programs to crash or expose sensitive info Vulnerability Details CVEID: CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of...

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

...

IBM UrbanCode Deploy has an unspecified vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...

CVE-2021-29711

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

Code injection

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

CVE-2021-29711

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

CVE-2021-29711

CVE-2021-29711 affects IBM UrbanCode Deploy (UCD) versions including 6.2.7.3/4/8/9, 7.0.3.0/4.0/5.4, 7.1.0.0/1.0/1.1/1.2, and 7.1.1.x. The IBM security bulletin notes that an authenticated user with certain permissions could initiate an agent upgrade through the CLI interface, due to inconsistent...

IBM UrbanCode Deploy 安全漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...

UBUNTU-CVE-2021-22226

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...

CVE-2021-22226

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...

FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)

Gitlab reports : DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...

PT-2021-6693 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 and later Description: The issue allows certain users to push to protected branches that were restricted to deploy keys. This can be exploited by a remote attacker to access confidential data and compromise its...

Octopus Deploy SQL注入漏洞

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. An SQL injection vulnerability exists in Octopus Server that stems from the data provided by a user in an Events REST API request not being properly parameterized...

Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2021-49068)

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21665

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

CVE-2021-21663

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

CVE-2021-21664

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...