Information disclosure

IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639...

CVE-2020-4260

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. Affected versions include UCD 6.2.7.3–4, 7.0.3–7.0.4.x, and all versions; the issue is described as secure properties being revealed through specially configured gen...

CVE-2020-4260

IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639...

Octopus Deploy elevation of privilege vulnerability (CNVD-2020-22263)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. An elevation of privilege vulnerability exists in Octopus Deploy versions prior to 2020.1.5, which can be exploited by an attacker to elevate privileges...

CVE-2020-10678

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...

CVE-2020-10678

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...

Design/Logic Flaw

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...

CVE-2020-10678

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...

CVE-2020-10678

CVE-2020-10678 affects Octopus Deploy prior to 2020.1.5 when running with on-premises Active Directory linked to the Octopus server. The issue is an authenticated user privilege-escalation bug described across multiple sources (Red Hat, CNVD, NVD, etc.). The connected documents identify the affec...

CVE-2019-4666

IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...

CVE-2019-4666

IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...

Code injection

IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...

CVE-2019-4666

IBM UrbanCode Deploy UCD 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248...

chellow (>=2050.0.0 <=2243.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2020-5236 via waitress (>=0.8.10 <=1.4.2)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2020-5236 Source advisory: OSV:PYSEC-2020-155...

Fedora: Security Advisory for ocsinventory-agent (FEDORA-2020-4c8a066b83)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16792 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16792 Source advisory: OSV:PYSEC-2020-178...

chellow (>=2050.0.0 <=2233.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16789 via waitress (>=0.8.10 <=1.4.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2019-16789 Source advisory: OSV:GHSA-968F-66R5-5V74...

chellow (>=2050.0.0 <=2231.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by unknown CVE via waitress (>=0.8.10 <=1.4.0)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M5FF-3WJ3-8PH4...

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16786 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16786 Source advisory: OSV:GHSA-G2XC-35JW-C63P...

Security Bulletin: CSV Injection (CVE-2019-4490)

Summary Maliciously crafted data in UCD could generate a malicious csv download file, when opened with certain unpactched 3rd party tools. Vulnerability Details CVEID: CVE-2019-4490 DESCRIPTION: CVSS Base score: 7.8 CVSS Temporal Score: See:...