2314 matches found
Security Bulletin: AGENT RELAY CODESTATION.KEYSTORE.PASSWORD STORED IN PLAIN TEXT
Summary A manually edited AGENT RELAY CODESTATION.KEYSTORE.PASSWORD stored in plain text is not encrypted upon restart. Vulnerability Details CVEID: CVE-2020-4884 DESCRIPTION: IBM UrbanCode Deploy (UCD) stores user credentials in plain clear text which can be read by a local user. CVSS Base scor...
Security Bulletin: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them
Summary As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. This primarily affects the usage of the agent's bundled ANTHOME libraries. Vulnerability Details CVEID: CVE-2020-11979...
Security Bulletin: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE
Summary Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. Vulnerability Details CVEID: CVE-2016-5725...
CVE-2020-4944
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944...
Apache Tomcat <= 5.5.25 CSRF Vulnerability - Linux
Apache Tomcat is prone to a cross-site request forgery (CSRF) vulnerability.
Nagios XI Dashboard Tools Cross-Site Scripting (CVE-2020-27989)
A stored cross-site scripting vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of user inputs when processing requests for Deploy Dashboards feature...
CVE-2021-21270
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is...
Design/Logic Flaw
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is...
Octopus DSC Security Breach
Octopus DSC is a PowerShell module with DSC resources that can be used to install and configure Octopus Deploy servers and Tentacle agents. A security vulnerability exists in Octopus DSC version 4.0.977 and earlier, which stems from a vulnerability that allows client API keys used to connect to the...
CVE-2020-26830
SAP Solution Manager 7.2 User Experience Monitoring, version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. Thes...
Security Bulletin: CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
Summary CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTION: XStream could allow a...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:2082-1 Rating: moderate References: 1163764 1170200 1170498 1173079 1174466 1174529 1174644 1175120 1175161 1175169 1176451 1176499 1176638 1177078 1177151 1177319 1177344 1177450 1177643 1177676 1177843 1177933...
Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer
Summary In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of...
Security Bulletin: CVE-2019-10173 xstream API If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands
Summary CVE-2019-10173 xstream API If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands Vulnerability Details CVEID: CVE-2019-10173 DESCRIPTION: xstream API could allow a remote attacker to execute arbitrary commands on the system,...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2020-63972)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in the Deploy tool Add Proxy in Nagios XI versions prior to 5.7.5. No details of the...
Nagios XI Cross-Site Scripting Vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in the Deploy tool Add Proxy in Nagios XI versions prior to 5.7.5. No details of the...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2020-63485)
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
IBM UrbanCode Deploy Security Bypass Vulnerability (CNVD-2020-63484)
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2020-63486)
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
CVE-2020-4483
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857...