|
250181
|
9.1 |
CRITICAL
Network
|
haxx
debian
canonical
|
libcurl
debian_linux
ubuntu_linux
|
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-1000005
|
2024-11-21 12:39 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250182
|
7.8 |
HIGH
Local
|
ovirt
|
ovirt-hosted-engine-setup
|
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-1000018
|
2024-11-21 12:39 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250183
|
4.8 |
MEDIUM
Network
|
jenkins
|
pipeline_nodes_and_processes
|
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `n…
|
CWE-862
Missing Authorization
|
CVE-2018-1000015
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250184
|
8.8 |
HIGH
Network
|
jenkins
|
translation_assistance
|
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings di…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000014
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250185
|
8.8 |
HIGH
Network
|
jenkins
|
release
|
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
|
CWE-352
Origin Validation Error
|
CVE-2018-1000013
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250186
|
8.8 |
HIGH
Network
|
jenkins
|
warnings
|
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from t…
|
CWE-611
XXE
|
CVE-2018-1000012
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250187
|
8.8 |
HIGH
Network
|
jenkins
|
findbugs
|
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from t…
|
CWE-611
XXE
|
CVE-2018-1000011
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250188
|
8.8 |
HIGH
Network
|
jenkins
|
dry
|
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Je…
|
CWE-611
XXE
|
CVE-2018-1000010
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250189
|
8.8 |
HIGH
Network
|
jenkins
|
checkstyle
|
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from…
|
CWE-611
XXE
|
CVE-2018-1000009
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250190
|
8.8 |
HIGH
Network
|
jenkins
|
pmd
|
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Je…
|
CWE-611
XXE
|
CVE-2018-1000008
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
