|
251541
|
7.8 |
HIGH
Local
|
ovirt
|
ovirt-hosted-engine-setup
|
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-1000018
|
2024-11-21 12:39 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251542
|
4.8 |
MEDIUM
Network
|
jenkins
|
pipeline_nodes_and_processes
|
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `n…
|
CWE-862
Missing Authorization
|
CVE-2018-1000015
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251543
|
8.8 |
HIGH
Network
|
jenkins
|
translation_assistance
|
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings di…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000014
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251544
|
8.8 |
HIGH
Network
|
jenkins
|
release
|
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
|
CWE-352
Origin Validation Error
|
CVE-2018-1000013
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251545
|
8.8 |
HIGH
Network
|
jenkins
|
warnings
|
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from t…
|
CWE-611
XXE
|
CVE-2018-1000012
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251546
|
8.8 |
HIGH
Network
|
jenkins
|
findbugs
|
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from t…
|
CWE-611
XXE
|
CVE-2018-1000011
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251547
|
8.8 |
HIGH
Network
|
jenkins
|
dry
|
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Je…
|
CWE-611
XXE
|
CVE-2018-1000010
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251548
|
8.8 |
HIGH
Network
|
jenkins
|
checkstyle
|
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from…
|
CWE-611
XXE
|
CVE-2018-1000009
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251549
|
8.8 |
HIGH
Network
|
jenkins
|
pmd
|
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Je…
|
CWE-611
XXE
|
CVE-2018-1000008
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251550
|
8.8 |
HIGH
Network
|
microsoft
|
word
office
office_compatibility_pack
|
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way ob…
|
NVD-CWE-noinfo
|
CVE-2018-0862
|
2024-11-21 12:39 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
