| Page(s) : 1 ... 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 ... | Result(s) : 148964 |
Alerts
| Date | Name | Categories | Detail | |
|---|---|---|---|---|
| 4 | 2019-07-11 | CVE-2019-10347 | cve | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. |
| 4.3 | 2019-07-11 | CVE-2019-10346 | cve | A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the respon... |
| N/A | 2019-07-11 | CVE-2019-10342 | cve | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate c... |
| 4 | 2019-07-11 | CVE-2019-10341 | cve | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attack... |
| 6.8 | 2019-07-11 | CVE-2019-10340 | cve | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to conn... |
| N/A | 2019-07-11 | CVE-2018-11744 | cve | Cloudera Manager through 5.15 has Incorrect Access Control. |
| 4.3 | 2019-07-11 | CVE-2019-13505 | cve | The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. |
| N/A | 2019-07-11 | CVE-2019-12838 | cve | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. |
| 3.5 | 2019-07-11 | CVE-2019-1010003 | cve | Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). |
| 4.3 | 2019-07-10 | CVE-2019-13504 | cve | There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. |
| 5 | 2019-07-10 | CVE-2019-13503 | cve | mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. |
| 9 | 2019-07-10 | CVE-2019-5446 | cve | Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. |
| 4 | 2019-07-10 | CVE-2019-5445 | cve | DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. |
| 5 | 2019-07-10 | CVE-2019-5444 | cve | Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. |
| 7.5 | 2019-07-10 | CVE-2019-13489 | cve | Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. |
| 4.3 | 2019-07-10 | CVE-2019-13488 | cve | A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, quer... |
| 10 | 2019-07-10 | CVE-2019-13482 | cve | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters i... |
| 9 | 2019-07-10 | CVE-2019-13481 | cve | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters i... |
| N/A | 2019-07-10 | CVE-2019-13381 | cve | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. ... |
| N/A | 2019-07-10 | CVE-2019-12804 | cve | In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file an... |
| Page(s) : 1 ... 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 ... | Result(s) : 148964 |
