National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,374 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-6334

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.

Published: October 16, 2019; 11:15:15 AM -04:00
(not available)
CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.

Published: October 16, 2019; 11:15:15 AM -04:00
(not available)
CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.

Published: October 16, 2019; 11:15:15 AM -04:00
(not available)
CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.

Published: October 16, 2019; 11:15:15 AM -04:00
(not available)
CVE-2019-17630

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.

Published: October 16, 2019; 10:15:14 AM -04:00
(not available)
CVE-2019-17629

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.

Published: October 16, 2019; 10:15:14 AM -04:00
(not available)
CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-15893

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10458

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10457

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10456

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10455

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10454

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10453

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10452

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10451

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Published: October 16, 2019; 10:15:13 AM -04:00
(not available)
CVE-2019-10450

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Published: October 16, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-10449

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published: October 16, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published: October 16, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-10447

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published: October 16, 2019; 10:15:12 AM -04:00
(not available)