Vulnerabilities (CVE)

Total 309320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16655 1 Joyplus Project 1 Joyplus 2024-11-21 6.4 MEDIUM 7.5 HIGH
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
CVE-2019-16653 1 Geniusbytes 1 Genius Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges.
CVE-2019-16652 1 Geniusbytes 1 Genius Server 2024-11-21 6.5 MEDIUM 7.2 HIGH
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands.
CVE-2019-16651 1 Virginmedia 2 Super Hub 3, Super Hub 3 Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them).
CVE-2019-16650 1 Supermicro 526 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 523 more 2024-11-21 7.5 HIGH 10.0 CRITICAL
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
CVE-2019-16649 1 Supermicro 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more 2024-11-21 5.0 MEDIUM 10.0 CRITICAL
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
CVE-2019-16647 2 Maxthon, Microsoft 2 Maxthon Browser, Windows 2024-11-21 9.0 HIGH 7.2 HIGH
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
CVE-2019-16645 1 Embedthis 1 Goahead 2024-11-21 5.0 MEDIUM 8.6 HIGH
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
CVE-2019-16644 1 Tuzicms 1 Tuzicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
CVE-2019-16643 1 Zrlog 1 Zrlog 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
CVE-2019-16642 1 Yejiao 1 Tuzicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.
CVE-2019-16576 1 Jenkins 1 Alauda Kubernetes Support 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.
CVE-2019-16575 1 Jenkins 1 Alauda Kubernetes Support 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.
CVE-2019-16574 1 Jenkins 1 Alauda Devops Pipeline 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-16573 1 Jenkins 1 Alauda Devops Pipeline 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-16572 1 Jenkins 1 Weibo 2024-11-21 2.1 LOW 5.5 MEDIUM
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-16571 1 Jenkins 1 Rapiddeploy 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
CVE-2019-16570 1 Jenkins 1 Rapiddeploy 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.
CVE-2019-16569 1 Jenkins 1 Mantis 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.
CVE-2019-16568 1 Jenkins 1 Sctmexecutor 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.