10502 matches found
CVE-2018-12188
CVE-2018-12188: In Intel CSME (and related TXE/AMS components) there is insufficient input validation prior to specific firmware versions (CSME <11.8.60/11.11.60/11.22.60/12.0.20; TXE
PHP Uninitialized Read Vulnerability
PHP is a general-purpose open source scripting language. Its syntax borrows from C, Java and Perl; it is easy to learn, widely used, and mainly applied to Web development. An uninitialized read vulnerability exists in exif_process_IFD_in_TIFF in the EXIF component of PH...
Design/Logic Flaw
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...
CVE-2019-1003036
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...
CVE-2019-1003036
The vulnerability CVE-2019-1003036 affects Jenkins with the Azure VM Agents Plugin ≤ 0.8.0, where a flaw in AzureVMAgent.java allows attackers holding Overall/Read permission to attach a public IP to an Azure VM agent. Root cause: missing permission check in the plugin code. Impact is described a...
PT-2019-11329 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 0.8.0 and earlier Description: A data modification issue exists that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. This is related to the...
CVE-2019-9201
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories...
WordPress Plugin Snax SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports running personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Snax. The vulnerability is due to the program failing to...
WordPress Plugin Advanced Custom Fields Pro SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports running personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Advanced Custom Fields Pro. The vulnerability is caused by the program faili...
GNU Binutils Excessive Memory Allocation Attempt Vulnerability (CNVD-2019-22421)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. An excessive memory allocation attempt vulnerability exists in _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library i.e...
A vulnerability in the SQL Extensions sub-component of the Oracle Applications Manager component in the Oracle E-Business Suite allows an attacker to modify protected data.
The vulnerability in the SQL Extensions component of the Oracle Applications Manager, a business automation system within the Oracle E-Business Suite, stems from deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to gain access to modify,...
A vulnerability in the Stylesheet component of the Oracle PeopleSoft Enterprise PeopleTools business application package allows an attacker to modify protected data.
The vulnerability in the Stylesheet component of the Oracle PeopleSoft Enterprise PeopleTools business application suite stems from deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to gain access to modify, add, or delete protected data...
A vulnerability in the Oracle Hospitality Reporting and Analytics component of the Oracle Food and Beverage Applications software package allows an attacker to gain read-only access to data or modify data.
The vulnerability in the Oracle Hospitality Reporting and Analytics component of the Oracle Food and Beverage Applications suite stems from deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read access to data or to modify, add, or delete data...
A vulnerability in the WLS component – the deployment server of Oracle WebLogic Server – allows an attacker to modify protected data.
The vulnerability in the WLS component – the deployment of Oracle WebLogic Server applications – stems from deficiencies in access control. Exploiting this vulnerability allows a remote attacker to gain access to modify, add, or delete protected data through HTTP requests...
A vulnerability in the Solaris operating system’s kernel allows an attacker to modify data or cause service interruptions.
The vulnerability in the Solaris operating system’s kernel stems from deficiencies in access control. Exploiting this vulnerability can allow an attacker to modify, add, or delete data, or cause service failures...
jenkins-plugin-blueocean: Blue Ocean did not require CSRF tokens (SECURITY-1201)
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js,...
Insecure Data Modification
Jenkins Job Import Plugin is vulnerable to unauthorized data modification. An attacker is able to copy jobs from another preconfigured Jenkins instance to install additional plugins and load the imported job's configurations...
Design/Logic Flaw
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from another preconfigured Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...