|
258481
|
7.8 |
HIGH
Local
|
jenkins
|
build-publisher
|
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home director…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-1000387
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258482
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choic…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000386
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258483
|
6.5 |
MEDIUM
Network
|
jenkins
|
script_security
|
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects…
|
CWE-200
Information Exposure
|
CVE-2017-1000505
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258484
|
7.5 |
HIGH
Network
|
impulseadventure
|
jpegsnoop
|
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service.
|
CWE-369
Divide By Zero
|
CVE-2017-1000414
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258485
|
8.1 |
HIGH
Network
|
jenkins
|
jenkins
|
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000504
|
2024-11-21 12:04 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258486
|
8.1 |
HIGH
Network
|
jenkins
|
jenkins
|
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failur…
|
CWE-362
Race Condition
|
CVE-2017-1000503
|
2024-11-21 12:04 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258487
|
8.8 |
HIGH
Network
|
jenkins
|
ec2
|
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be l…
|
CWE-78
OS Command
|
CVE-2017-1000502
|
2024-11-21 12:04 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258488
|
9.8 |
CRITICAL
Network
|
vehicle_sales_management_system_project
|
vehicle_sales_management_system
|
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and …
|
CWE-89
SQL Injection
|
CVE-2017-1000474
|
2024-11-21 12:04 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258489
|
7.8 |
HIGH
Local
|
freesshd
|
freesshd
|
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-1000475
|
2024-11-21 12:04 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258490
|
5.3 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000417
|
2024-11-21 12:04 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
