Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454...

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242...