21 matches found
CVE-2022-28944
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
Malicious code in tachyon-package-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae18148f1b8cced6389ea598fe00fb1d3c44c754a460765e64c6e02c5c1a0c18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6408 Malicious code in tachyon-package-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae18148f1b8cced6389ea598fe00fb1d3c44c754a460765e64c6e02c5c1a0c18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-64JR-GGW8-H9JC Credentials stored in plain text by debian-package-builder Plugin
debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system...
Credentials stored in plain text by debian-package-builder Plugin
debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28944
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
Remote code execution
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
多款EMCO Software产品安全漏洞
EMCO Software EMCO MSI Package Builder for Windows is a product of EMCO Software Iceland. EMCO Software EMCO MSI Package Builder for Windows is a software tool for creating Windows Installer packages. EMCO Software EMCO MSI Package Builder for Windows is a software tool for creating Windows...
Exploit for Download of Code Without Integrity Check in Emcosoftware Msi_Package_Builder
CVE-2022-28944 EMCO Software Multiple Products Unauthenticat...
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following: - Jenkins Docker Commons Plugin 1.17 and earlier does not...
CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...
CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...
Command injection
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...
CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...
CVE-2022-23118
CVE-2022-23118 affects the Jenkins Debian Package Builder Plugin, version 1.6.11 and earlier. The vulnerability arises because the plugin allows agents to invoke the command-line git at an attacker-specified path on the Jenkins controller, enabling attackers who control agent processes to execute...
Jenkins Debian Package Builder Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Unspecified Vulnerability in CloudBees Jenkins Debian Package Builder Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A security vulnerability exists in the CloudBees Jenkins Debian Package Builder plugin, which can be exploited by an attacker to gain access to the user view of t...
CVE-2020-2125
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2125
The CVE-2020-2125 issue affects Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier. The vulnerability is that the plugin stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master/controller, specifically ru.yandex.jenkins.plugins.debuilder.DebianPac...
PT-2020-15333 · Jenkins · Jenkins Debian Package Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier Description: The issue concerns the storage of a GPG passphrase in an unencrypted manner within the global configuration file on the Jenkins master or controller. This file can...