| 248161 | 7.5 | HIGH | Network | dovecot, debian | dovecot, debian_linux | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_exp… | CWE-20 Improper Input Validation | CVE-2017-2669 | 2024-11-21 12:23 | 2018-06-21 |
| 248162 | 4.3 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). | CWE-326 Inadequate Encryption Strength | CVE-2017-2598 | 2024-11-21 12:23 | 2018-05-23 |
| 248163 | 7.8 | HIGH | Local | hawt.io | hawtio | hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-2617 | 2024-11-21 12:23 | 2018-05-23 |
| 248164 | 4.3 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of t… | CWE-200 Information Exposure | CVE-2017-2609 | 2024-11-21 12:23 | 2018-05-23 |
| 248165 | 5.4 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content… | CWE-79 Cross-site Scripting | CVE-2017-2607 | 2024-11-21 12:23 | 2018-05-22 |
| 248166 | 5.4 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers coul… | CWE-352 Origin Validation Error | CVE-2017-2613 | 2024-11-21 12:23 | 2018-05-16 |
| 248167 | 5.4 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names… | CWE-79 Cross-site Scripting | CVE-2017-2610 | 2024-11-21 12:23 | 2018-05-16 |
| 248168 | 4.3 | MEDIUM | Network | jenkins | jenkins | In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). | CWE-287 Improper Authentication | CVE-2017-2604 | 2024-11-21 12:23 | 2018-05-16 |
| 248169 | 3.5 | LOW | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362). | CWE-200 Information Exposure | CVE-2017-2603 | 2024-11-21 12:23 | 2018-05-16 |
| 248170 | 4.3 | MEDIUM | Network | jenkins | jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written … | NVD-CWE-noinfo | CVE-2017-2602 | 2024-11-21 12:23 | 2018-05-16 |