CyberSecurityBoard
Sponsor Register Login

CVE-2025-0142

Medium Zoom Plugin 1.3 and earlier stores Zoom integration tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Zoom Plugin 1.4 stores Zoom integration tokens encrypted once job configurations are saved again.

This Cyber News was published on www.tenable.com. Publication date: Wed, 22 Jan 2025 22:56:02 +0000


Cyber News related to CVE-2025-0142

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
1 week ago Cybersecuritynews.com
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
4 days ago Bleepingcomputer.com
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. By combining these vulnerabilities, ...
4 days ago Cybersecuritynews.com
Microsoft fixes bug causing Windows Server 2025 boot errors - In November, Redmond addressed another series of bugs that were triggering install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count, and one month later, a known issue causing boot failures on ...
1 week ago Bleepingcomputer.com
CVE-2025-0142 - Medium Zoom Plugin 1.3 and earlier stores Zoom integration tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the ...
1 month ago Tenable.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
1 week ago Bleepingcomputer.com
CISA flags Craft CMS code injection flaw as exploited in attacks - The CVE-2025-23209 vulnerability only becomes an issue if an attacker has already obtained this security key, which opens the way to decrypt sensitive data, generate fake authentication tokens, or inject and execute malicious code remotely. The flaw ...
2 days ago Bleepingcomputer.com
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw ...
2 days ago Cybersecuritynews.com
CVE-2008-0142 - Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. ...
7 years ago
CVE-2001-0142 - squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. ...
7 years ago
CVE-2005-0142 - Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. ...
7 years ago
CVE-2012-0142 - Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute ...
6 years ago
CVE-2016-0142 - Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code ...
6 years ago
CVE-2007-0142 - SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. ...
6 years ago
CVE-2020-0142 - In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for ...
3 years ago
CVE-2003-0142 - Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to ...
16 years ago
CVE-2010-0142 - MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. Per: ...
15 years ago
CVE-2009-0142 - Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." ...
13 years ago
CVE-2013-0142 - QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. ...
11 years ago
CVE-2019-0142 - Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. ...
3 years ago
CVE-2022-0142 - The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. ...
2 years ago
CVE-1999-0142 - The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. ...
2 years ago
CVE-2000-0142 - The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. ...
2 years ago
CVE-2014-0142 - QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function ...
1 year ago
CVE-2004-0142 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)