Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-17672 —
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
Published: October 17, 2019; 09:15:11 AM -04:00
-
CVE-2019-17673 —
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Published: October 17, 2019; 09:15:11 AM -04:00
-
CVE-2019-17674 —
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
Published: October 17, 2019; 09:15:11 AM -04:00
-
CVE-2019-17675 —
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Published: October 17, 2019; 09:15:11 AM -04:00
-
CVE-2019-0073 —
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks... read CVE-2019-0073
Published: October 09, 2019; 04:15:18 PM -04:00
-
CVE-2019-10447 —
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: October 16, 2019; 10:15:12 AM -04:00
-
CVE-2019-17546 —
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Published: October 13, 2019; 10:15:11 PM -04:00
-
CVE-2019-16522 —
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color... read CVE-2019-16522
Published: October 16, 2019; 11:15:15 AM -04:00
-
CVE-2019-15258 —
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to impr... read CVE-2019-15258
Published: October 16, 2019; 03:15:13 PM -04:00
-
CVE-2019-2946 —
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via... read CVE-2019-2946
Published: October 16, 2019; 02:15:29 PM -04:00
-
CVE-2019-10449 —
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: October 16, 2019; 10:15:12 AM -04:00
-
CVE-2019-2884 —
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated a... read CVE-2019-2884
Published: October 16, 2019; 02:15:26 PM -04:00
-
CVE-2019-2935 —
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi... read CVE-2019-2935
Published: October 16, 2019; 02:15:29 PM -04:00
-
CVE-2019-10450 —
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Published: October 16, 2019; 10:15:12 AM -04:00
-
CVE-2019-2923 —
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with... read CVE-2019-2923
Published: October 16, 2019; 02:15:28 PM -04:00
-
CVE-2019-10452 —
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: October 16, 2019; 10:15:13 AM -04:00
-
CVE-2019-10453 —
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Published: October 16, 2019; 10:15:13 AM -04:00
-
CVE-2019-10446 —
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
Published: October 16, 2019; 10:15:12 AM -04:00
-
CVE-2019-10445 —
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
Published: October 16, 2019; 10:15:12 AM -04:00
-
CVE-2019-10448 —
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Published: October 16, 2019; 10:15:12 AM -04:00