CWE:
 



CVEMAP Search Results

CVE
Details
Description
2019-08-07
Low
CVE-2019-10389

Vendor: Jenkins
Software: Relution pub...
 

 
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.

 
Low
CVE-2019-10387

Vendor: Jenkins
Software: Xl testview
 

 
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

 
Low
CVE-2019-10377

Vendor: Jenkins
Software: Avatar
 

 
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.

 
Low
CVE-2019-10369

Vendor: Jenkins
Software: Jclouds
 

 
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

 
2019-08-06
Low
CVE-2019-5687

Vendor: Nvidia
Software: Gpu driver
 

 
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor.

 
Low
CVE-2016-10796

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).

 
2019-08-02
Medium
CVE-2017-18390

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).

 
Low
CVE-2017-18397

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).

 
Low
CVE-2017-18422

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).

 
Low
CVE-2017-18425

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).

 

 


Copyright 2019, cxsecurity.com

 
