Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-23 CVE-2018-1000014 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
network
low complexity
jenkins CWE-352
8.8
2018-01-23 CVE-2018-1000013 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
network
low complexity
jenkins CWE-352
8.8
2018-01-23 CVE-2018-1000012 XXE vulnerability in Jenkins Warnings
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000011 XXE vulnerability in Jenkins Findbugs
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000010 XXE vulnerability in Jenkins DRY
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000009 XXE vulnerability in Jenkins Checkstyle
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000008 XXE vulnerability in Jenkins PMD
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2015-1142857 7PK - Security Features vulnerability in multiple products
On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF.
network
low complexity
intel linux dpdk CWE-254
8.6
2018-01-23 CVE-2018-6029 Server-Side Request Forgery (SSRF) vulnerability in 5None Nonecms 1.3.0
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.
network
low complexity
5none CWE-918
7.5
2018-01-23 CVE-2017-18048 Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
network
low complexity
monstra CWE-434
8.8