Skip to main content
CVE-2019-14750 MEDIUM POC PATCH THREAT This Month

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

XSS PHP Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
11.7%
CVE-2019-14743 MEDIUM POC This Month

In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Steam Client
NVD GitHub
CVSS 3.0
6.6
EPSS
0.6%
CVE-2019-14747 MEDIUM POC This Month

DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dwsurvey
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14748 MEDIUM POC PATCH This Month

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.0
5.4
EPSS
2.7%
CVE-2019-14731 MEDIUM POC This Month

An issue was discovered in ZenTao 11.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zentao
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-10387 MEDIUM This Month

A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xl Testview
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10385 MEDIUM This Month

Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Eggplant
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10382 MEDIUM This Month

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins VMware Information Disclosure Vmware Lab Manager Slaves
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10379 MEDIUM This Month

Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Cloud Messaging Notification
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-10375 MEDIUM This Month

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure File System Scm
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10370 MEDIUM PATCH This Month

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Mask Passwords
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-10369 MEDIUM PATCH This Month

A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Jclouds
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10376 MEDIUM This Month

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Wall Display
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-10372 MEDIUM PATCH This Month

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Open Redirect Gitlab Gitlab Oauth
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-14763 MEDIUM PATCH This Month

In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10367 MEDIUM PATCH This Month

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-11653 MEDIUM This Month

Remote Access Control Bypass in Micro Focus Content Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Content Manager
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-10374 MEDIUM This Month

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Pegdown Formatter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10373 MEDIUM This Month

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Pipeline
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10378 MEDIUM This Month

Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Testlink
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2019-10389 MEDIUM This Month

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Relution Enterprise Appstore Publisher
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10388 MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Relution Enterprise Appstore Publisher
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10377 MEDIUM This Month

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Avatar
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy