Skip to main content
CVE-2018-1000108 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Cppncss
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1000085 MEDIUM PATCH This Month

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Clamav Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-1000079 MEDIUM PATCH This Month

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rubygems
NVD GitHub
CVSS 3.0
5.5
EPSS
2.9%
CVE-2018-8087 MEDIUM PATCH This Month

Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1000113 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Testlink
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000106 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Gerrit Trigger
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-6296 MEDIUM This Month

An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1000077 MEDIUM PATCH This Month

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rubygems Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
3.8%
CVE-2018-1000112 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Mercurial
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-1000111 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Subversion
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-1000110 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Git
NVD
CVSS 3.0
5.3
EPSS
4.0%
CVE-2018-1000095 MEDIUM PATCH This Month

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ovirt Engine
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1050 MEDIUM This Month

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ubuntu Linux Samba Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
6.7%
CVE-2018-1000114 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Promoted Builds
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-1000109 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins Java Google Play Android Publisher
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-1000105 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Gerrit Trigger
NVD
CVSS 3.0
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy