Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...

Security Bulletin: Exposed Keystores in IBM UrbanCode Deploy

Summary The 6.1.0.2 release of IBM UrbanCode Deploy may expose secret keystores to a user with access to the correct page. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with...

Security Bulletin: Apache Tomcat Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)

Summary Previous releases of IBM UrbanCode Deploy are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the server or obtain sensitive information. Vulnerability Details | Subscribe to My Notifications to be notified of important product...

Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Summary Previous releases of IBM UrbanCode Deploy are affected by vulnerabilities in Apache Tomcat and FileUpload that may allow remote attackers to influence the availability of the server or obtain sensitive information. Vulnerability Details | Subscribe to My Notifications to be notified of...

Octopus Deploy Information Disclosure Vulnerability (CNVD-2018-11359)

Octopus Deploy is an automation tool for the development and deployment of .NET, Java and other applications from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions 2018.5.1 through 2018.5.7. An attacker could use the vulnerability to view passwords...

Design/Logic Flaw

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...

CVE-2018-12089

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...

CVE-2018-12089

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...

CVE-2018-12089

In Octopus Deploy versions 2018.5.1–2018.5.7 , a user with Task View could view a Service Fabric Cluster password when the cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. Root cause: potential disclosure due...

Arbitrary Code Execution Through Object Deserialization

kubernetes-deploy is vulnerable to arbitrary code execution through object deserialization. The vulnerability exists due to the usage of the unsafe YAML.loadfile to read yaml files, allowing object deserialization to occur causing the code execution flaw...

CVE-2018-18850

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/octopusdeploydeploy.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2018-10455)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

Gitlab -- multiple vulnerabilities

GitLab reports: Removing public deploy keys regression Users can update their password without entering current password Persistent XSS - Selecting users as allowed merge request approvers Persistent XSS - Multiple locations of user selection drop downs include directive in .gitlab-ci.yml allows...

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

Code injection

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

CVE-2017-1752

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...

CVE-2017-1752

CVE-2017-1752 affects IBM UrbanCode Deploy 6.1 (up to 6.1.3.8) and 6.2 (up to 6.2.7.0). The issue allows an authenticated privileged user to obtain highly sensitive information due to improper access controls in the deployment tool. Affected versions: IBM UrbanCode Deploy 6.1.x and 6.2.x. The rem...

Octopus Deploy Information Disclosure Vulnerability (CNVD-2018-10600)

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions 2018.4.4 through 2018.5.1, which stems from the program's failure to obfuscate sensitive Octopus variables in the deployment log. An...

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...