34 matches found
EUVD-2013-1469
Malware in sbrugna...
EUVD-2022-3556
Malicious code in bioql PyPI...
CVE-2019-10288
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
SUSE CVE-2015-2058
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...
Jenkins Jabber Server Plugin stores credentials in plain text
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file de.enexus.jabber.JabberBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-CC7J-XX7Q-FR34 Jenkins Jabber Server Plugin stores credentials in plain text
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file de.enexus.jabber.JabberBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CloudBees Jenkins Jabber Server Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jabber Server Plugin is used in one of...
CVE-2019-10288
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10288
Affected software: Jenkins Jabber Server Plugin. Vulnerability: Credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master/controller (e.g., de.e_nexus.jabber.JabberBuilder.xml), which can be read by anyone with file-system access to the Jenkins controller....
CVE-2019-10288
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10288
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11690 · Jenkins · Jenkins Jabber Server Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Jabber Server Plugin (affected versions not specified). Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentia...
Prosody Denial of Service Vulnerability (CNVD-2018-09317)
Prosody is a set of Jabber/XMPP communication server software written in Lua. A security vulnerability exists in Prosody versions prior to 0.10.0. A remote attacker could exploit this vulnerability to cause a denial of service crash...
CVE-2015-2058
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...
[SECURITY] [DLA 277-1] libidn security update
Package: libidn. Version: 1.15-2+deb6u1. CVE ID: CVE-2015-2059. Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is...
DLA-277-1 libidn - security update
Bulletin has no description...
Jabber Server 2.0 - Multiple Remote Buffer Overflow Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/11741/info. Multiple remote buffer overflow vulnerabilities affect the Jabber Server. These issues are due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into...
CVE-2013-1431
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform man-in-the-middle attacks...
Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
Binary data 6717.prm...