CVE-2018-1000068 CVSS:0.0
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. (Last Update:2018-02-15) (Publish Update:2018-02-15)
CVE-2018-1000067 CVSS:0.0
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. (Last Update:2018-02-15) (Publish Update:2018-02-15)
CVE-2018-1000062 CVSS:0.0
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000061 CVSS:0.0
ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000060 CVSS:0.0
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000059 CVSS:0.0
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000058 CVSS:0.0
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. (Last Update:2018-02-16) (Publish Update:2018-02-09)
CVE-2018-1000057 CVSS:0.0
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000056 CVSS:0.0
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000055 CVSS:0.0
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000054 CVSS:0.0
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000053 CVSS:0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000052 CVSS:0.0
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000051 CVSS:0.0
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000050 CVSS:0.0
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000049 CVSS:0.0
nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in API that can result in RCE by abusing the remote manager API. This attack appear to be exploitable via The victim must run the miner with read/write mode enabled. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000048 CVSS:0.0
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000047 CVSS:0.0
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000046 CVSS:0.0
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. (Last Update:2018-02-09) (Publish Update:2018-02-09)
CVE-2018-1000045 CVSS:0.0
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. (Last Update:2018-02-09) (Publish Update:2018-02-09)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com