Skip to main content
CVE-2017-1000100 MEDIUM PATCH This Month

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-1000099 MEDIUM PATCH This Month

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libcurl
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1000101 MEDIUM This Month

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-12258 MEDIUM This Month

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2017-12256 MEDIUM This Month

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wide Area Application Services
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1000085 MEDIUM PATCH This Month

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Subversion
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-12268 MEDIUM This Month

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1000095 MEDIUM PATCH This Month

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Script Security
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1000094 MEDIUM PATCH This Month

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Docker Commons
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1000084 MEDIUM PATCH This Month

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Jenkins Privilege Escalation Parameterized Trigger
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-1000104 MEDIUM PATCH This Month

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Jenkins Privilege Escalation Config File Provider
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-1000091 MEDIUM PATCH This Month

GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Github Branch Source
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-14354 MEDIUM This Month

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Foundation Software
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-13994 MEDIUM This Month

A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lvis 3Me Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12265 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12257 MEDIUM This Month

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000109 MEDIUM PATCH This Month

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Owasp Dependency Check
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-15042 MEDIUM PATCH This Month

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Go
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-15023 MEDIUM PATCH This Month

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-15024 MEDIUM PATCH This Month

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-15025 MEDIUM PATCH This Month

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15022 MEDIUM PATCH This Month

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15021 MEDIUM PATCH This Month

bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1301 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1000113 MEDIUM PATCH This Month

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Deploy
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-12264 MEDIUM This Month

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2017-12269 MEDIUM This Month

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Spark
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-1522 MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1000088 MEDIUM PATCH This Month

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sidebar Link
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1000103 MEDIUM PATCH This Month

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dry
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-1000102 MEDIUM PATCH This Month

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Static Analysis Utilities
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-12267 MEDIUM This Month

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Virtual Wide Area Application Services Wide Area Application Services
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-9628 MEDIUM This Month

An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pcd Controllers Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1000105 MEDIUM This Month

The optional Run/Artifacts permission can be enabled by setting a Java system property. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Blue Ocean
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2017-1000089 MEDIUM PATCH This Month

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Jenkins Privilege Escalation Pipeline
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2017-1339 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2017-1000110 MEDIUM PATCH This Month

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jenkins Blue Ocean
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2017-1000087 MEDIUM PATCH This Month

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Github Branch Source
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2017-12266 MEDIUM This Month

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Cisco Privilege Escalation Meeting App
NVD
CVSS 3.0
4.2
EPSS
0.0%
CVE-2017-1000114 LOW PATCH Monitor

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS Jenkins Information Disclosure Datadog
NVD
CVSS 3.0
3.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy