CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-1000188 A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request ... | N/A | NONE | — | 0 |
| CVE-2018-1000190 A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to a... | N/A | NONE | — | 0 |
| CVE-2018-1000191 A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to con... | N/A | NONE | — | 0 |
| CVE-2018-10597 IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Mater... | 8.3 | HIGH | — | 0 |
| CVE-2018-10599 IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Mater... | N/A | NONE | — | 0 |
| CVE-2018-10601 IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Mater... | 8.2 | HIGH | — | 0 |
| CVE-2017-7635 QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | N/A | NONE | — | 0 |
| CVE-2017-7636 Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | N/A | NONE | — | 0 |
| CVE-2017-7637 QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. | N/A | NONE | — | 0 |
| CVE-2017-7639 QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server. | N/A | NONE | — | 0 |
| CVE-2018-1000192 A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all ... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-1000193 A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names c... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-1000194 A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the ... | 8.1 | HIGH | — | 0 |
| CVE-2018-1000195 A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submi... | 4.3 | MEDIUM | — | 0 |
| CVE-2017-16064 node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | N/A | NONE | — | 0 |
| CVE-2018-1000196 A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins ... | N/A | NONE | — | 0 |
| CVE-2018-1000197 An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Bla... | N/A | NONE | — | 0 |
| CVE-2018-1000198 A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkin... | N/A | NONE | — | 0 |
| CVE-2018-1000202 A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define Java... | N/A | NONE | — | 0 |
| CVE-2018-10057 The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing b... | N/A | NONE | — | 0 |
| CVE-2018-10058 The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-onl... | N/A | NONE | — | 0 |
| CVE-2018-11586 XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a c... | N/A | NONE | — | 0 |
| CVE-2017-16065 openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | N/A | NONE | — | 0 |
| CVE-2018-3691 Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. | N/A | NONE | — | 0 |
| CVE-2018-7884 An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old versio... | N/A | NONE | — | 0 |
| CVE-2018-11553 SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | N/A | NONE | — | 0 |
| CVE-2018-11808 Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server i... | N/A | NONE | — | 0 |
| CVE-2018-11813 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | N/A | NONE | — | 0 |
| CVE-2017-1474 IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attack... | N/A | NONE | — | 0 |
| CVE-2017-1476 IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HT... | N/A | NONE | — | 0 |
| CVE-2017-1480 IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617... | N/A | NONE | — | 0 |
| CVE-2018-1456 IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex... | N/A | NONE | — | 0 |
| CVE-2018-1000203 Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero... | N/A | NONE | — | 0 |
| CVE-2017-7906 In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that... | N/A | NONE | — | 0 |
| CVE-2017-7931 In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without aut... | N/A | NONE | — | 0 |
| CVE-2017-7933 In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | N/A | NONE | — | 0 |
| CVE-2018-10198 An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tick... | N/A | NONE | — | 0 |
| CVE-2018-1265 Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack th... | N/A | NONE | — | 0 |
| CVE-2018-1268 Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A ... | 6.8 | MEDIUM | — | 0 |
| CVE-2018-1269 Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing cer... | N/A | NONE | — | 0 |
| CVE-2018-7510 In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without... | N/A | NONE | — | 0 |
| CVE-2017-18154 A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | N/A | NONE | — | 0 |
| CVE-2018-3562 Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | N/A | NONE | — | 0 |
| CVE-2018-3565 While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow c... | N/A | NONE | — | 0 |
| CVE-2018-3578 Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Fire... | N/A | NONE | — | 0 |
| CVE-2018-3580 Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android)... | N/A | NONE | — | 0 |
| CVE-2018-3852 An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial ... | 7.5 | HIGH | — | 0 |
| CVE-2018-5840 Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Lin... | N/A | NONE | — | 0 |
| CVE-2018-5841 dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (And... | N/A | NONE | — | 0 |
| CVE-2018-5845 A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD A... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.