Category Archives: CVE

CVE

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allo

CVE-2018-1000054 : Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allo

CVEdetails.com the ultimate security vulnerability data source

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000054

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000054


Metasploit Modules Related To CVE-2018-1000054

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation

CVE-2018-1000053 : LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation

CVEdetails.com the ultimate security vulnerability data source

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) CSRF
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000053

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000053


Metasploit Modules Related To CVE-2018-1000053

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corrupt

CVE-2018-1000052 : fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corrupt

CVEdetails.com the ultimate security vulnerability data source

fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Denial Of ServiceMemory corruption
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000052

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000052


Metasploit Modules Related To CVE-2018-1000052

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Po

CVE-2018-1000051 : Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Po

CVEdetails.com the ultimate security vulnerability data source

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000051

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000051


Metasploit Modules Related To CVE-2018-1000051

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths.

CVE-2018-1000050 : Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths.

CVEdetails.com the ultimate security vulnerability data source

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Denial Of ServiceOverflowMemory corruption
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000050

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000050


Metasploit Modules Related To CVE-2018-1000050

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in API that can resu

CVE-2018-1000049 : nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in API that can resu

CVEdetails.com the ultimate security vulnerability data source

nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote Code Execution vulnerability in API that can result in RCE by abusing the remote manager API. This attack appear to be exploitable via The victim must run the miner with read/write mode enabled.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000049

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000049


Metasploit Modules Related To CVE-2018-1000049

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval f

CVE-2018-1000048 : NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval f

CVEdetails.com the ultimate security vulnerability data source

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000048

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000048


Metasploit Modules Related To CVE-2018-1000048

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library’s data processing function that can res

CVE-2018-1000047 : NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library’s data processing function that can res

CVEdetails.com the ultimate security vulnerability data source

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library’s data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000047

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000047


Metasploit Modules Related To CVE-2018-1000047

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

CVE-2018-1000046 : NASA Pyblock version v1.0

CVE-2018-1000046 : NASA Pyblock version v1.0 – v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remot

CVEdetails.com the ultimate security vulnerability data source

NASA Pyblock version v1.0 – v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000046

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000046


Metasploit Modules Related To CVE-2018-1000046

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in

CVE-2018-1000045 : NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in

CVEdetails.com the ultimate security vulnerability data source

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1.

Publish Date : 2018-02-09 Last Update Date : 2018-02-09


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2018-1000045

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2018-1000045


Metasploit Modules Related To CVE-2018-1000045

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.