A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device,...
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain...
A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The...
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities...
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected...
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1826 http://www.openwall.com/lists/oss-security/2020/05/06/3
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1844...
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1528 http://www.openwall.com/lists/oss-security/2020/05/06/3
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1408 http://www.openwall.com/lists/oss-security/2020/05/06/3
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-381 http://www.openwall.com/lists/oss-security/2020/05/06/3
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1094 http://www.openwall.com/lists/oss-security/2020/05/06/3
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-988 http://www.openwall.com/lists/oss-security/2020/05/06/3
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. Date published : 2020-05-06 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835 http://www.openwall.com/lists/oss-security/2020/05/06/3