Security Vulnerabilities - CVEs Published In 2019
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-12-17
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-12-17
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-12-17
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
CVSS Score
8.1
EPSS Score
0.001
Published
2019-12-17
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.
CVSS Score
5.9
EPSS Score
0.001
Published
2019-12-17
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-12-17
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-17
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used.
CVSS Score
6.6
EPSS Score
0.001
Published
2019-12-17
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-17
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-17