Export limit exceeded: 78962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2024-11-21 | 8.8 High |
| Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2024-11-21 | 8.8 High |
| Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2024-11-21 | 8.8 High |
| Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2024-11-21 | 8.8 High |
| Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2024-11-21 | 8.8 High |
| Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2024-11-21 | 8.8 High |
| Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10270 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 8.8 High |
| An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the passwords for any users or admin WordPress Ultimate Members. This could lead to account compromise and privilege escalation. | ||||
| CVE-2019-10249 | 1 Eclipse | 2 Xtend, Xtext | 2024-11-21 | 8.1 High |
| All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. | ||||
| CVE-2019-10245 | 2 Eclipse, Redhat | 8 Openj9, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.5 High |
| In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load. | ||||
| CVE-2019-10240 | 1 Eclipse | 1 Hawkbit | 2024-11-21 | 8.1 High |
| Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected. | ||||
| CVE-2019-10233 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.1 High |
| Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | ||||
| CVE-2019-10229 | 1 Mailstore | 2 Mailstore, Mailstore Server | 2024-11-21 | 8.8 High |
| An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login attempt. | ||||
| CVE-2019-10220 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 8.8 High |
| Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | ||||
| CVE-2019-10216 | 2 Artifex, Redhat | 10 Ghostscript, 3scale Amp, 3scale Api Management and 7 more | 2024-11-21 | 7.8 High |
| In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. | ||||
| CVE-2019-10210 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-11-21 | 7.0 High |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | ||||
| CVE-2019-10208 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.8 High |
| A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. | ||||
| CVE-2019-10201 | 1 Redhat | 4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 8.1 High |
| It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information. | ||||
| CVE-2019-10200 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 7.2 High |
| A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. | ||||
| CVE-2019-10199 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Openshift Application Runtimes | 2024-11-21 | 8.8 High |
| It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. | ||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more | 2024-11-21 | 7.2 High |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | ||||