Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-13277 —
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The r... read CVE-2019-13277
Published: July 09, 2019; 05:15:10 PM -04:00
-
CVE-2019-10340 —
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs... read CVE-2019-10340
Published: July 11, 2019; 10:15:10 AM -04:00
-
CVE-2019-12537 —
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
Published: July 11, 2019; 10:15:11 AM -04:00
-
CVE-2019-12540 —
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
Published: July 11, 2019; 10:15:11 AM -04:00
-
CVE-2019-13280 —
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated us... read CVE-2019-13280
Published: July 09, 2019; 03:15:12 PM -04:00
-
CVE-2014-3798 —
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
Published: July 11, 2019; 04:15:10 PM -04:00
-
CVE-2019-13029 —
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Published: July 11, 2019; 03:15:13 PM -04:00
-
CVE-2019-13464 —
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are in... read CVE-2019-13464
Published: July 09, 2019; 03:15:12 PM -04:00
-
CVE-2019-0330 —
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior o... read CVE-2019-0330
Published: July 10, 2019; 04:15:12 PM -04:00
-
CVE-2019-13142 —
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any use... read CVE-2019-13142
Published: July 09, 2019; 02:15:11 PM -04:00
-
CVE-2019-10349 —
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Published: July 11, 2019; 10:15:10 AM -04:00
-
CVE-2018-15738 —
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F.
Published: July 09, 2019; 09:15:11 AM -04:00
-
CVE-2019-10347 —
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.
Published: July 11, 2019; 10:15:10 AM -04:00
-
CVE-2019-10346 —
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
Published: July 11, 2019; 10:15:10 AM -04:00
-
CVE-2017-6900 —
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the pote... read CVE-2017-6900
Published: July 03, 2019; 01:15:09 PM -04:00
-
CVE-2019-10348 —
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: July 11, 2019; 10:15:10 AM -04:00
-
CVE-2019-5602 —
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom de... read CVE-2019-5602
Published: July 03, 2019; 03:15:12 PM -04:00
-
CVE-2019-11062 —
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
Published: July 11, 2019; 03:15:12 PM -04:00
-
CVE-2019-5601 —
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as... read CVE-2019-5601
Published: July 03, 2019; 03:15:12 PM -04:00
-
CVE-2019-10351 —
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: July 11, 2019; 10:15:11 AM -04:00