CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2018-1000417 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.
202 CVE-2018-1000415 XSS 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.
203 CVE-2018-1000414 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
204 CVE-2018-1000412 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
205 CVE-2018-1000411 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
206 CVE-2018-1000410 +Info 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.
207 CVE-2018-1000409 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
208 CVE-2018-1000408 DoS 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.
209 CVE-2018-1000407 XSS 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.
210 CVE-2018-1000406 Dir. Trav. 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
211 CVE-2018-1000128 Exec Code Overflow 2018-03-13 2018-03-13
0.0
None ??? ??? ??? ??? ??? ???
GPAC MP4Box version prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4 contains a Buffer Overflow vulnerability in src/media_tools/av_parsers.c, lines 2387-2388: https://github.com/gpac/gpac/blob/84c4e606a1f906cd4b07ad94d19cea2b668f64ad/src/media_tools/av_parsers.c#L2387-L2388 that can result in may allow an attacker to achieve remote code execution. This attack appear to be exploitable via The victim must open a specially crafted MP4 file. This vulnerability appears to have been fixed in after commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4.
212 CVE-2018-1000016 XSS 2018-01-23 2018-01-23
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Ant Plugin 1.7 and earlier failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators.
213 CVE-2018-20735 2019-01-17 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration.
214 CVE-2018-20733 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
215 CVE-2018-20732 Exec Code 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
216 CVE-2018-20731 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
217 CVE-2018-20730 Exec Code Sql 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
218 CVE-2018-20729 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
219 CVE-2018-20728 CSRF 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
220 CVE-2018-20727 Exec Code 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
221 CVE-2018-20721 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
222 CVE-2018-20720 DoS 2019-01-15 2019-01-18
0.0
None ??? ??? ??? ??? ??? ???
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
223 CVE-2018-20718 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
224 CVE-2018-20717 Exec Code +Priv 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer.
225 CVE-2018-20716 Sql 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
226 CVE-2018-20715 Sql 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
227 CVE-2018-20714 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.
228 CVE-2018-20712 2019-01-14 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
229 CVE-2018-20699 DoS 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
230 CVE-2018-20685 Bypass 2019-01-10 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
231 CVE-2018-20684 2019-01-10 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
232 CVE-2018-20683 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
233 CVE-2018-20682 XSS 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
234 CVE-2018-20681 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.
235 CVE-2018-20675 Bypass 2019-01-08 2019-01-08
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
236 CVE-2018-20674 Exec Code 2019-01-08 2019-01-08
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
237 CVE-2018-20659 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.
238 CVE-2018-20658 DoS 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
239 CVE-2018-20657 DoS 2019-01-02 2019-01-04
0.0
None ??? ??? ??? ??? ??? ???
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
240 CVE-2018-20614 2018-12-30 2018-12-30
0.0
None ??? ??? ??? ??? ??? ???
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.
241 CVE-2018-20596 2018-12-30 2018-12-30
0.0
None ??? ??? ??? ??? ??? ???
Jspxcms v9.0.0 allows SSRF.
242 CVE-2018-20578 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.
243 CVE-2018-20577 CSRF 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
244 CVE-2018-20576 CSRF 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
245 CVE-2018-20575 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
246 CVE-2018-20568 Sql Bypass 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
247 CVE-2018-20519 2018-12-27 2018-12-27
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.
248 CVE-2018-20511 +Info 2018-12-27 2018-12-29
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
249 CVE-2018-20502 2018-12-26 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp.
250 CVE-2018-20483 +Info 2018-12-26 2019-01-01
0.0
None ??? ??? ??? ??? ??? ???
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
Total number of vulnerabilities : 1203   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.