|
247831
|
8.8 |
HIGH
Network
|
jenkins
|
jira
|
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specifie…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000412
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247832
|
6.5 |
MEDIUM
Network
|
jenkins
|
junit
|
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
|
CWE-352
Origin Validation Error
|
CVE-2018-1000411
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247833
|
7.8 |
HIGH
Local
|
jenkins
|
jenkins
|
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/Request…
|
CWE-200
Information Exposure
|
CVE-2018-1000410
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247834
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalid…
|
CWE-384
Session Fixation
|
CVE-2018-1000409
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247835
|
6.5 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Over…
|
NVD-CWE-noinfo
|
CVE-2018-1000408
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247836
|
6.1 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that res…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000407
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247837
|
7.5 |
HIGH
Network
|
frontaccounting
|
frontaccounting
|
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the applicat…
|
CWE-89
SQL Injection
|
CVE-2018-1000890
|
2024-11-21 12:40 |
2018-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247838
|
8.8 |
HIGH
Network
|
logisim-evolution_project
|
logisim-evolution
|
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that…
|
CWE-611
XXE
|
CVE-2018-1000889
|
2024-11-21 12:40 |
2018-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247839
|
4.8 |
MEDIUM
Network
|
peel
|
peel_shopping
|
Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000887
|
2024-11-21 12:40 |
2018-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247840
|
9.8 |
CRITICAL
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, whi…
|
CWE-89
SQL Injection
|
CVE-2018-1000631
|
2024-11-21 12:40 |
2018-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
