Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2018-1000056 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Junit Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
| 2018-02-09 | CVE-2018-1000055 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Android Lint Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
| 2018-02-09 | CVE-2018-1000054 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins CCM Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.3 |
| 2018-02-09 | CVE-2018-1000053 | Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. | 8.8 |
| 2018-02-09 | CVE-2018-1000052 | Use of Externally-Controlled Format String vulnerability in FMT fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. | 7.5 |
| 2018-02-09 | CVE-2018-1000051 | Use After Free vulnerability in multiple products Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. | 7.8 |
| 2018-02-09 | CVE-2018-1000050 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in STB Vorbis Project STB Vorbis Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. | 8.8 |
| 2018-02-09 | CVE-2018-1000049 | Improper Input Validation vulnerability in Nanopool Claymore Dual Miner Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. | 7.5 |
| 2018-02-09 | CVE-2018-1000048 | Deserialization of Untrusted Data vulnerability in Nasa Rtretrievalframework 1.0 NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. | 8.8 |
| 2018-02-09 | CVE-2018-1000047 | Deserialization of Untrusted Data vulnerability in Nasa Kodiak 1.0 NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. | 8.8 |