|
248451
|
7.5 |
HIGH
Network
|
roundcube
|
webmail
|
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via networ…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000071
|
2024-11-21 12:39 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248452
|
5.5 |
MEDIUM
Local
|
freeplane
debian
|
freeplane
debian_linux
|
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to r…
|
CWE-611
XXE
|
CVE-2018-1000069
|
2024-11-21 12:39 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248453
|
8.8 |
HIGH
Network
|
bitmessage
|
pybitmessage
|
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__in…
|
CWE-94
Code Injection
|
CVE-2018-1000070
|
2024-11-21 12:39 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248454
|
4.3 |
MEDIUM
Network
|
jenkins
|
promoted_builds
|
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform …
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000114
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248455
|
5.4 |
MEDIUM
Network
|
jenkins
|
testlink
|
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report nam…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000113
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248456
|
5.3 |
MEDIUM
Network
|
jenkins
|
mercurial
|
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and us…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000112
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248457
|
5.3 |
MEDIUM
Network
|
jenkins
|
subversion
|
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with networ…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000111
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248458
|
5.3 |
MEDIUM
Network
|
jenkins
|
git
|
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000110
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248459
|
4.3 |
MEDIUM
Network
|
jenkins
|
google-play-android-publisher
|
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credentia…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000109
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248460
|
6.1 |
MEDIUM
Network
|
jenkins
|
cppncss
|
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000108
|
2024-11-21 12:39 |
2018-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
