CVE-2020-2137
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
Source: CVE-2020-2137
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Source: CVE-2020-2138
CVE-2020-10236
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information from the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
Source: CVE-2020-10236
CVE-2019-20226
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Source: CVE-2019-20226
CVE-2019-10806
vega-util prior to 1.13.1 allows manipulation of object prototype. The ‘vega.mergeConfig’ method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
Source: CVE-2019-10806
CVE-2020-10175
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2020-10175
CVE-2020-4217
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
Source: CVE-2020-4217
CVE-2020-9282
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the ‘Edit access’ screen when sharing portfolios.
Source: CVE-2020-9282
CVE-2015-7968
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.
Source: CVE-2015-7968
CVE-2015-7344
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].
Source: CVE-2015-7344