CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
Source: CVE-2020-2186
[월:] 2020년 05월
CVE-2020-2181
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Source: CVE-2020-2181
CVE-2020-6094
CVE-2020-6094
An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source: CVE-2020-6094
CVE-2020-2188
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Source: CVE-2020-2188
CVE-2020-2187
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Source: CVE-2020-2187
CVE-2020-6076
CVE-2020-6076
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
Source: CVE-2020-6076
CVE-2020-2182
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Source: CVE-2020-2182
CVE-2019-19169
CVE-2019-19169
Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.
Source: CVE-2019-19169
CVE-2019-19168
CVE-2019-19168
Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.
Source: CVE-2019-19168
CVE-2019-19166
CVE-2019-19166
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution.
Source: CVE-2019-19166