Skip to main content
CVE-2019-3410 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte CSRF Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-3409 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-10339 HIGH PATCH This Week

A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Jx Resources
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10338 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Jx Resources
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-12795 HIGH PATCH This Week

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Gvfs
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-12145 HIGH This Week

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.0
7.5
EPSS
4.7%
CVE-2019-3411 HIGH This Week

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Mf920 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-10337 HIGH PATCH This Week

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Jenkins Token Macro
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-12749 HIGH This Week

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Canonical Dbus Ubuntu Linux
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy