Security Vulnerabilities - CVEs Published In March 2018
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allows an attacker to obtain credential IDs.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-03-13
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
CVSS Score
5.3
EPSS Score
0.13
Published
2018-03-13
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-03-13
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-03-13
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allows an attacker who can control, e.g., TestLink report names to have Jenkins serve arbitrary HTML and JavaScript.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-03-13
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-03-13
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
CVSS Score
5.4
EPSS Score
0.009
Published
2018-03-13
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-03-13
Teluu PJSIP version 2.7.1 and earlier contains an Integer Overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-03-13
Teluu PJSIP version 2.7.1 and earlier contains an Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-03-13

