
23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-2107

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.00145
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 5:30 a.m. | 1 view

SUSE CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 6.6 | EPSS 0.00145
Exploits 0 | References 3

Snyk
added 2022/05/17 3:53 a.m. | 0 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via error messages. An attacker can inject arbitrary web script or HTML by crafting malicious input that triggers these error messages. Details...

CVSS 3.7 | AI score 5.3 | EPSS 0.00383
Exploits 0 | References 2

OSV
added 2022/05/17 3:53 a.m. | 0 views

GHSA-9C26-CF8C-MW43 Jenkins allows Remote Attackers to Hijack Sessions

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 6.9 | AI score 5.9 | EPSS 0.00145
Exploits 0 | References 4

GitHub Security Blog
added 2022/05/17 3:53 a.m. | 6 views

Jenkins allows Remote Attackers to Hijack Sessions

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 6.7 | EPSS 0.00145
Exploits 0 | References 4 | Affected Software 1

Snyk
added 2022/05/17 3:53 a.m. | 1 view

User Impersonation

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to User Impersonation. An attacker can hijack user sessions by exploiting unspecified vectors. Remediation Upgrade org.jenkins-ci:winstone to version 0.9.10-jenkins-48 or...

CVSS 9.3 | AI score 7.1 | EPSS 0.00145
Exploits 0 | References 2

Snyk
added 2022/05/14 2:13 a.m. | 1 view

Cross-site Scripting (XSS)

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with some degree of write access can inject arbitrary web script or HTML into generated pages. Note: This attack can be only mounted...

CVSS 3.5 | AI score 5.2 | EPSS 0.00105
Exploits 0 | References 2

Tenable Nessus
added 2021/11/18 12:0 a.m. | 40 views

Jenkins Enterprise and Operations Center < 2.249.31.0.1 / 2.277.3.1 DoS (CloudBees Security Advisory 2021-04-20)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.1, or 2.x prior to 2.277.3.1. It is, therefore, affected by a denial of service vulnerability due to an issue with Winstone-Jetty. An unauthenticated, remote attacker can...

CVSS 7.8 | AI score 7 | EPSS 0.13581
Exploits 1 | References 2

The Hacker News
added 2020/08/18 9:55 a.m. | 0 views

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...

CVSS 9.4 | AI score 7.5 | EPSS 0.30928
Exploits 0

Veracode
added 2019/05/02 4:55 a.m. | 24 views

Session Hijacking

jenkins is vulnerable to session hijacking. The vulnerability exists in the winstone servlet container...

CVSS 5 | AI score 6.1 | EPSS 0.01968
Exploits 7 | References 26 | Affected Software 3

OpenVAS
added 2016/08/04 12:0 a.m. | 29 views

Jenkins Winstone Servlet Cross Site Scripting Vulnerability (Nov 2011) - Windows

Jenkins is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...

CVSS 2.6 | AI score 6 | EPSS 0.00383
Exploits 0 | References 2

Exploit DB
added 2016/07/20 12:0 a.m. | 38 views

Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation

...

AI score 7.4
Exploits 0

Exploit DB
added 2016/07/20 12:0 a.m. | 41 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is robust, customizable, and scalable server software that powers...

AI score 7.4
Exploits 0

0day.today
added 2016/07/20 12:0 a.m. | 63 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting

Exploit for multiple platform in category web applications Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is...

AI score 7.1
Exploits 0

OpenVAS
added 2015/01/05 12:0 a.m. | 18 views

Fedora Update for jenkins-winstone FEDORA-2014-15776

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2

Fedora
added 2014/12/06 10:55 a.m. | 8 views

[SECURITY] Fedora 21 Update: jenkins-winstone-2.8-1.fc21

Winstone is a servlet container that was written out of a desire to provide servlet functionality without the bloat that full J2EE compliance introduces...

AI score 2.9
Exploits 0

NVD
added 2014/10/17 3:55 p.m. | 13 views

CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 6.5 | EPSS 0.00145
Exploits 0 | References 2

UbuntuCve
added 2014/10/17 3:55 p.m. | 27 views

CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 5.9 | EPSS 0.00145
Exploits 0 | References 2

Prion
added 2014/10/17 3:55 p.m. | 18 views

Code injection

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 7 | EPSS 0.00145
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2014/10/17 3:55 p.m. | 2 views

CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

CVSS 5 | AI score 5.6 | EPSS 0.00145
Exploits 0 | References 3