Search Results (359583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2024-11-21 | 8.8 High | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2024-11-21 | 8.8 High | Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. |
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2024-11-21 | 8.8 High | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2024-11-21 | 8.8 High | Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2024-11-21 | 8.8 High | Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2024-11-21 | 8.8 High | Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2024-11-21 | 8.8 High | Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2024-11-21 | 8.8 High | Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2024-11-21 | 8.8 High | Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10279 | 1 Jenkins | 1 Jenkins-reviewbot | 2024-11-21 | 6.5 Medium | A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-10278 | 1 Jenkins | 1 Jenkins-reviewbot | 2024-11-21 | N/A | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2024-11-21 | 8.8 High | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10276 | 1 Cobub | 1 Razor | 2024-11-21 | N/A | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. |
| CVE-2019-10273 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A | Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account. |
| CVE-2019-10272 | 1 Weaver | 1 E-cology | 2024-11-21 | N/A | An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. |
| CVE-2019-10271 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 Medium | An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter. |
| CVE-2019-10270 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 8.8 High | An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the passwords for any users or admin WordPress Ultimate Members. This could lead to account compromise and privilege escalation. |
| CVE-2019-10269 | 2 Burrow-wheeler Aligner Project, Canonical | 2 Burrow-wheeler Aligner, Ubuntu Linux | 2024-11-21 | 9.8 Critical | BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. |
| CVE-2019-10267 | 1 Ahsay | 1 Cloud Backup Suite | 2024-11-21 | N/A | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). |
| CVE-2019-10266 | 1 Ahsay | 1 Cloud Backup Suite | 2024-11-21 | N/A | An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. |