Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-23 CVE-2017-2742 Unspecified vulnerability in HP web Jetadmin
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2.
network
low complexity
hp
7.5
2018-01-23 CVE-2017-2740 Unspecified vulnerability in HP Thinpro
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4.
local
low complexity
hp
7.8
2018-01-23 CVE-2017-15107 Unspecified vulnerability in Thekelleys Dnsmasq
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78.
network
low complexity
thekelleys
7.5
2018-01-23 CVE-2017-15091 Improperly Implemented Security Check for Standard vulnerability in Powerdns Authoritative
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword.
network
low complexity
powerdns CWE-358
7.1
2018-01-23 CVE-2018-1000014 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
network
low complexity
jenkins CWE-352
8.8
2018-01-23 CVE-2018-1000013 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
network
low complexity
jenkins CWE-352
8.8
2018-01-23 CVE-2018-1000012 XXE vulnerability in Jenkins Warnings
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000011 XXE vulnerability in Jenkins Findbugs
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000010 XXE vulnerability in Jenkins DRY
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8
2018-01-23 CVE-2018-1000009 XXE vulnerability in Jenkins Checkstyle
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-611
8.8