Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-26 | CVE-2017-1000393 | OS Command Injection vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. | 8.8 |
| 2018-01-26 | CVE-2017-1000391 | Improper Input Validation vulnerability in Jenkins Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. | 7.3 |
| 2018-01-26 | CVE-2017-1000387 | Insufficiently Protected Credentials vulnerability in Jenkins Build-Publisher Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. | 7.8 |
| 2018-01-26 | CVE-2017-3762 | Use of Hard-coded Credentials vulnerability in Lenovo Fingerprint Manager PRO 8.01.86 Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | 7.8 |
| 2018-01-25 | CVE-2016-10710 | Improper Input Validation vulnerability in Biscom Secure File Transfer 5.0.1000/5.0.1048 Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. | 8.1 |
| 2018-01-25 | CVE-2018-6315 | Integer Overflow or Wraparound vulnerability in multiple products The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 8.8 |
| 2018-01-25 | CVE-2018-1051 | Deserialization of Untrusted Data vulnerability in Redhat Resteasy 3.0.22/3.1.2 It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | 8.1 |
| 2018-01-25 | CVE-2017-15132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. | 7.5 |
| 2018-01-25 | CVE-2018-5954 | Resource Exhaustion vulnerability in PHPfreechat phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | 7.5 |
| 2018-01-25 | CVE-2018-5748 | Resource Exhaustion vulnerability in multiple products qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | 7.5 |