Export limit exceeded: 79592 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2510 | 1 Oracle | 1 Database Server | 2024-11-21 | 7.5 High |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.2 High |
| A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) | ||||
| CVE-2020-2492 | 1 Qnap | 1 Qts | 2024-11-21 | 7.2 High |
| If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
| CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-11-21 | 7.2 High |
| If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
| CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2024-11-21 | 7.5 High |
| Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2322 | 1 Netflix | 1 Chaos Monkey | 2024-11-21 | 7.5 High |
| Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | ||||
| CVE-2020-2321 | 1 Jenkins | 1 Shelve Project | 2024-11-21 | 8.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | ||||
| CVE-2020-2286 | 1 Jenkins | 1 Role-based Authorization Strategy | 2024-11-21 | 8.8 High |
| Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | ||||
| CVE-2020-2284 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 7.1 High |
| Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2280 | 1 Jenkins | 1 Warnings | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | ||||
| CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 8.8 High |
| Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | ||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 8.8 High |
| Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | ||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 7.1 High |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | ||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 7.5 High |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | ||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 8.8 High |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-11-21 | 8.8 High |
| Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | ||||