Total
6016 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1010152 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. | ||||
| CVE-2019-1010150 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. | ||||
| CVE-2019-1010149 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php. | ||||
| CVE-2019-1010066 | 1 Llnl | 1 Model Specific Registers-safe | 2024-11-21 | N/A |
| Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0. | ||||
| CVE-2019-1003099 | 1 Jenkins | 1 Openid | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003093 | 1 Jenkins | 1 Nomad | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003091 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003087 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003085 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003083 | 1 Jenkins | 1 Gearman | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003081 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003079 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003077 | 1 Jenkins | 1 Audit To Database | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003059 | 1 Jenkins | 1 Ftp Publisher | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003047 | 1 Jenkins | 1 Fortify On Demand Uploader | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003043 | 1 Jenkins | 1 Slack Notification | 2024-11-21 | 7.5 High |
| A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-1003037 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2019-1003036 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 4.3 Medium |
| A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | ||||
| CVE-2019-1003035 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 4.3 Medium |
| An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. | ||||
| CVE-2019-1003025 | 1 Jenkins | 1 Cloud Foundry | 2024-11-21 | 8.8 High |
| A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||