2306 matches found
CVE-2020-10678
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...
CVE-2020-10678
CVE-2020-10678 affects Octopus Deploy prior to 2020.1.5 when running with on-premises Active Directory linked to the Octopus server. The issue is an authenticated user privilege-escalation bug described across multiple sources (Red Hat, CNVD, NVD, etc.). The connected documents identify the affec...
CVE-2019-4666
IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...
Code injection
IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...
chellow (>=2050.0.0 <=2243.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2020-5236 via waitress (>=0.8.10 <=1.4.2)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2020-5236 Source advisory: OSV:PYSEC-2020-155...
Fedora: Security Advisory for ocsinventory-agent (FEDORA-2020-4c8a066b83)
The remote host is missing an update for the...
chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16792 via waitress (>=0.8.10 <=1.3.1)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16792 Source advisory: OSV:PYSEC-2020-178...
chellow (>=2050.0.0 <=2233.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16789 via waitress (>=0.8.10 <=1.4.1)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2019-16789 Source advisory: OSV:GHSA-968F-66R5-5V74...
chellow (>=2050.0.0 <=2231.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by unknown CVE via waitress (>=0.8.10 <=1.4.0)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M5FF-3WJ3-8PH4...
chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16786 via waitress (>=0.8.10 <=1.3.1)
waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16786 Source advisory: OSV:GHSA-G2XC-35JW-C63P...
Security Bulletin: CSV Injection (CVE-2019-4490)
Summary: Maliciously crafted data in UCD could generate a malicious CSV download file, when opened with certain unpatched 3rd party tools. Vulnerability Details: CVEID: CVE-2019-4490 DESCRIPTION: CVSS Base score: 7.8 CVSS Temporal Score: See:...
OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-19376
In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...
CVE-2019-19375
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...
Input validation
In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...
Cross-site request forgery (CSRF)
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...