Vulnerabilidades CVE

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection withi...

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via sp...

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if com...

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the V...

Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into exec...

In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an ap...

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, ...

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with ma...

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for ...

A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of...

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from th...

The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.

The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into ...

The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the firs...

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in...

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local files...

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can co...

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by ap...

An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.

An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_O...

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear...

Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier ve...

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote a...

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with ...

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit pa...

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unau...

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-...

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS...