Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.
Simditor allows XSS via crafted use of svg/onload=alert in a TEXTAREA element.
Apache POI is vulnerable to Denial of Service Attacks through infinite loops while parsing crafted WMF, EMF, MSG and macros or Out of Memory Exceptions while parsing crafted DOC, PPT and XLS.
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
The login command available in the remoting-based CLI stores the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values, were able to impersonate any other Jenkins user on the same instance.
Jenkins is vulnerable to a deserialization vulnerability.
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing denylist-based protection mechanism.
Jenkins is vulnerable to an issue in the Jenkins user database authentication realm.
In strategy.rb in OmniAuth, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
Users with permission to create or configure agents in Jenkins could configure a launch method called "Launch agent via execution of command on master". This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators.
Jenkins Build-Publisher stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations.
The remote API in Jenkins shows information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g., due to lack of Item/Read permission.
Jenkins provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included Jenkins users' email addresses if the Mailer Plugin is installed.
The Jenkins remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to.
Jenkins Multijob plugin does not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
The Jenkins remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to.
Jenkins Swarm Plugin bundles a version of the commons-httpclient library that incorrectly verifies SSL certificates, making it susceptible to man-in-the-middle attacks.
The Jenkins default form control for passwords and other secrets, <f:password/>, supports form validation. The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files.
Jenkins bundles a version of the commons-fileupload library with a denial-of-service vulnerability.
Jenkins stores metadata related to people, which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files.
Jenkins bundled a version of the commons-httpclient library that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.
Jenkins Active Choices plugin allowed users with "Job/Configure" permission to provide arbitrary HTML to be shown on the "Build With Parameters" page through the "Active Choices Reactive Reference Parameter" type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the "Build With Parameters" page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it …
Some URLs provided by Jenkins global-build-stats plugin returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.
The Jenkins Delivery Pipeline Plugin uses the unescaped content of the query parameter "fullscreen" in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
Users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the new File(String) constructor for the purpose of in-process script approval.
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack.
Resteasy allows Yaml unmarshalling via Yaml.load() in YamlProvider.
GitHub Electron has a vulnerability in the protocol handler.
Next.js has Directory Traversal in the /_next request namespace.
The AJP connector in undertow does not use the ALLOW_ENCODED_SLASH option and thus allows slash / backslash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.
The YARN NodeManager in Apache Hadoop can leak the password for the credential store provider used by the NodeManager to YARN Applications.
The YARN NodeManager can leak the password for the credential store provider used by the NodeManager to YARN Applications.
The YARN NodeManager can leak the password for the credential store provider used by the NodeManager to YARN Applications.
A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the "Please wait while Jenkins is getting ready to work" message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.
A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.
Malicious input in the highlighterId parameter of the clipboard.swf component can be leveraged in a reflected XSS on hosts serving Redis Commander. Mitigating factors: Flash must be installed/enabled for this to work.
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
Jenkins FindBugs Plugin processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or perform denial-of-service attacks.
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution.
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.
yjmyjmyjm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
A crafted GET request can be leveraged to traverse the directory structure of a host using the augustine web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read. Mitigating factors: Only files that the user running augustine has permission to read will be accessible via …
A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read. Mitigating factors: Only files that the user running lactate has permission to read will be accessible via …
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
Zenario is vulnerable to SQL injection via the Name parameter.
Moodle has Server Side Request Forgery in the filepicker.
Shopware is affected by two non-persistent Cross-site Scripting (XSS) vulnerabilities in the frontend.
The setting for blocked hosts list can be bypassed with multiple A record hostnames.
In Yii Framework, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.
Remote attackers can obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable via two different gadgets that bypass a denylist.
The switchIdentity() function in web/User.php did not regenerate the CSRF token upon a change of identity.
Moodle is vulnerable to XSS via a calendar event name.
Non-Persistent XSS in shopware.
In Yii Framework, the switchIdentity function in web/User.php does not regenerate the CSRF token upon a change of identity.
keycloak-httpd-client-install allows users to insecurely pass a password through the command line, leaking it via command history and process info to other local users.
keycloak-httpd-client-install insecurely creates a temporary file, allowing local attackers to overwrite other files via a symbolic link.
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript in the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
An exploitable cross site scripting (XSS) vulnerability exists in the "add filter" functionality of the rails_admin rails gem. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.
There is an XSS vulnerability in the "unsubscribe" module of the newsletter extension, and it can easily be exploited by anyone in the front end. If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.
The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. jQuery only deems the input to be HTML if it explicitly starts with the < character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
A race condition in Guacamole's terminal emulator could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
libp2p-secio does not correctly check that the PeerId of the DstPeer matches the PeerId that the peer learns through the Crypto Handshake, creating a high-severity vulnerability, as the purpose of SECIO is to authenticate the other Peer.
The featurebook is vulnerable to a Directory Traversal attack. This may allow attackers to access confidential resources that exist outside of the intended web root of the service. This is mitigated significantly by the fact that featurebook is clearly not intended to be run in production code nor to be exposed to an untrusted network.
mobile-icon-resizer has a code execution vulnerability via the image resizing configuration: the parameters ratio and baseRatio are passed directly to eval(), thus allowing dynamic javascript payloads to be executed.
serve-here is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files. Mitigating Factors: if the node process is run as a user with very limited filesystem permissions, there is significantly less risk of exposing confidential/private information.
The WPGlobus plugin for WordPress is vulnerable to CSRF via wp-admin/options.php.
The WPGlobus plugin for WordPress has an XSS in wp-admin/options.php.
An attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
ASP.NET Core allows an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
The program exposes password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
A flaw in /lib/lawn.rb is causing the application to expose password information in plaintext in the process table. This may allow a local attacker to gain access to password information.
The application is exposing credential information in plaintext in the process table due to a flaw in /lib/commands/setup.rb. This may allow a local attacker to gain access to credential information.
Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
There is a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered as the program exposes the MySQL or PostgreSQL password in the process list. This may allow a local attacker to gain access to password information.
(1) lib/backup/cli/utility.rb in the backup-agoddard gem and (2) lib/backup/cli/utility.rb in the backup_checksum gem for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a denylist that is ineffective if the Spring libraries are available in the classpath.
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads.
ASP.NET Core allows a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".
It exposes the password to the process table, and is vulnerable to command injection if used in the context of a RoR application. The #{@username} and #{@password} variables aren't properly sanitized before being passed to the command line.
VladTheEnterprising Gem for Ruby contains a flaw as the program creates temporary files insecurely. By using a symlink attack against the /tmp/my.cnf.#{target_host} file, a local attacker can overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary commands.
If this Gem is used in the context of a RoR app a malicious user may inject commands via #{imagefile} and #{tmpfile} using shell meta characters like ; and sending an escaped " if the raw option is not set.
User supplied input is not properly sanitized for #{user} and #{password} in the create_user helper method. This can lead to command injection if this gem is used in the context of a RoR application. The password is also exposed to the process table listing and its hash is also going to have the same salt every time.
If it is used in the context of a RoR application, since the user input isn't properly sanitized, the method decrypt in /lib/backup/cli/utility.rb is vulnerable to command injection.
It contains a flaw in /lib/ksymfony1.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
It contains a flaw as default.rb creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/perlbrew-installer file to overwrite the contents with their own code executing it as the ciborg process owner.
The script /test/tc_database.rb exposes MySQL password information in plaintext in the process table. If this Gem is used in the context of a RoR application a remote attacker might be able to inject commands via the #{user} and #{password} variables as they are not sanitized before being passed to the shell.
The file /lib/lynx/pipe/get.rb does not properly sanitize user input before sending to command line. It may allow a remote attacker to execute arbitrary commands.
Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".
A malicious user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
A malicious user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
When an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
The implementation used by this package to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject.
Magento Community Edition and Enterprise Edition have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
Malicious PATCH requests submitted to servers using Spring Data REST backed HTTP resources can use specially crafted JSON data to run arbitrary Java code.
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778.
Internet Explorer in Microsoft Windows 7 SP1, Windows Server and R2 SP1, Windows and Windows RT, Windows Server and R2, and Internet Explorer and Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, …
Internet Explorer in Microsoft Windows 7 SP1, Windows Server and R2 SP1, Windows and Windows RT, Windows Server and R2, and Internet Explorer and Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, …
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Microsoft Edge in Microsoft Windows Gold, and Windows Server allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.
Microsoft Edge in Microsoft Windows, and Windows Server allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
A vulnerability in the Cisco node-jose open source library could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key …
Microsoft Edge in Microsoft Windows allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.
Radiant CMS has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
Apache DeltaSpike-JSF has an XSS injection leak in the windowId handling. The windowId is truncated to a default size, so the impact might be limited.
Any authorized Mautic user could use the Filemanager to download any file from the server that the web user has access to.
XMLBundle is vulnerable to XXE attacks which can result in denial of service attacks.
Mautic allows a disabled user to still log in using an email address.
Mautic is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
QuickApps CMS is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account.
Shiba markdown live preview is vulnerable to XSS which leads to code execution due to enabled node integration.
LavaLite is vulnerable to a stored cross-site scripting vulnerability within the blog creation page, which can result in disruption of service and execution of JavaScript code.
phpMyAdmin is vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping or truncating tables, etc.
Smarty 3 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name.
There's a Cross-Site Scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected.
An XML Signature Wrapping vulnerability exists in Samlify which could allow attackers to impersonate arbitrary users.
phpBB is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application.
marked is vulnerable to an XSS attack in the data: URI parser.
fs-git is an API for git that relies on child_process.exec. The buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.
Github Electron is vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that an attacker can control.
Craft CMS allows remote attackers to execute arbitrary PHP code by using the Assets->Upload files screen and then the Replace it option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.