Loading data/CVE/list +137 −99 Original line number Diff line number Diff line CVE-2019-14753 RESERVED CVE-2019-14752 RESERVED CVE-2019-14751 RESERVED CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) TODO: check CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) TODO: check CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) TODO: check CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...) TODO: check CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...) TODO: check CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...) TODO: check CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...) TODO: check CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...) TODO: check CVE-2019-14742 RESERVED CVE-2019-14741 RESERVED CVE-2019-14740 RESERVED CVE-2019-14739 RESERVED CVE-2019-14738 RESERVED CVE-2019-14737 RESERVED CVE-2019-14736 RESERVED CVE-2019-14735 RESERVED CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...) - adplug <unfixed> NOTE: https://github.com/adplug/adplug/issues/90 Loading Loading 
@@ -163,16 +201,16 @@ CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openou - brandy <unfixed> (unimportant; bug #933996) NOTE: https://sourceforge.net/p/brandy/bugs/7/ NOTE: Negligible security impact CVE-2018-20961 [USB: gadget: f_midi: fixing a possible double-free in f_midi] CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability in the ...) - linux 4.16.5-1 [stretch] - linux 4.9.107-1 NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f CVE-2018-20960 RESERVED CVE-2018-20959 RESERVED CVE-2018-20958 RESERVED CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...) TODO: check CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...) TODO: check CVE-2018-20957 RESERVED CVE-2018-20956 Loading Loading @@ -447,16 +485,16 @@ CVE-2019-14539 RESERVED CVE-2019-14538 RESERVED CVE-2019-14537 RESERVED CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerability in t ...) TODO: check CVE-2019-14536 RESERVED CVE-2017-18483 RESERVED CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a ...) TODO: check CVE-2016-10862 RESERVED CVE-2016-10861 RESERVED CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...) TODO: check CVE-2019-14535 RESERVED CVE-2019-14534 Loading Loading @@ -486,7 +524,7 @@ CVE-2019-14527 RESERVED CVE-2019-14526 RESERVED CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0 through 2019. ...) CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019. ...) NOT-FOR-US: Octopus Deploy CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...) - schism <unfixed> (bug #933808) Loading Loading 
@@ -608,8 +646,8 @@ CVE-2019-14476 RESERVED CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14474 RESERVED CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...) TODO: check CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...) Loading Loading 
@@ -1138,36 +1176,36 @@ CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_templa NOT-FOR-US: cPanel CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...) NOT-FOR-US: cPanel CVE-2016-10812 RESERVED CVE-2016-10811 RESERVED CVE-2016-10810 RESERVED CVE-2016-10809 RESERVED CVE-2016-10808 RESERVED CVE-2016-10807 RESERVED CVE-2016-10806 RESERVED CVE-2016-10805 RESERVED CVE-2016-10804 RESERVED CVE-2016-10803 RESERVED CVE-2016-10802 RESERVED CVE-2016-10801 RESERVED CVE-2016-10800 RESERVED CVE-2016-10799 RESERVED CVE-2016-10798 RESERVED CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...) TODO: check CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...) TODO: check CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY ...) TODO: check CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to ...) TODO: check CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...) TODO: check CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...) TODO: check CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing ...) TODO: check CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...) TODO: check CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...) TODO: check CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...) TODO: check CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...) TODO: check CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...) TODO: check CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...) 
TODO: check CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP ...) TODO: check CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...) TODO: check CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...) NOT-FOR-US: cPanel CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...) Loading Loading @@ -1294,8 +1332,8 @@ CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details] - nova <unfixed> (bug #934114) NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html NOTE: https://launchpad.net/bugs/1837877 CVE-2019-14432 RESERVED CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom ...) TODO: check CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...) - matrixssl <removed> CVE-2019-14430 Loading Loading @@ -6295,7 +6333,7 @@ CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated NOTE: Versions affected: 0.098 - 1.7.3 NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...) {DSA-4491-1} {DSA-4491-1 DLA-1873-1} - proftpd-dfsg 1.3.6-6 (low; bug #932453) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372 NOTE: https://github.com/proftpd/proftpd/pull/816 Loading Loading @@ -9309,8 +9347,8 @@ CVE-2019-11655 RESERVED CVE-2019-11654 RESERVED CVE-2019-11653 RESERVED CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...) TODO: check CVE-2019-11652 RESERVED CVE-2019-11651 Loading Loading 
@@ -12551,52 +12589,52 @@ CVE-2019-10391 RESERVED CVE-2019-10390 RESERVED CVE-2019-10389 RESERVED CVE-2019-10388 RESERVED CVE-2019-10387 RESERVED CVE-2019-10386 RESERVED CVE-2019-10385 RESERVED CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...) TODO: check CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...) TODO: check CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 and ear ...) TODO: check CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestView Plug ...) TODO: check CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...) TODO: check CVE-2019-10384 RESERVED CVE-2019-10383 RESERVED CVE-2019-10382 RESERVED CVE-2019-10381 RESERVED CVE-2019-10380 RESERVED CVE-2019-10379 RESERVED CVE-2019-10378 RESERVED CVE-2019-10377 RESERVED CVE-2019-10376 RESERVED CVE-2019-10375 RESERVED CVE-2019-10374 RESERVED CVE-2019-10373 RESERVED CVE-2019-10372 RESERVED CVE-2019-10371 RESERVED CVE-2019-10370 RESERVED CVE-2019-10369 RESERVED CVE-2019-10368 RESERVED CVE-2019-10367 RESERVED CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...) TODO: check CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS ...) TODO: check CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies ...) TODO: check CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier sto ...) TODO: check CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypte ...) TODO: check CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and earlier al ...) TODO: check CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall Display ...) TODO: check CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System SCM Plugin ...) 
TODO: check CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown Formatt ...) TODO: check CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build Pipeline ...) TODO: check CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab Authentication Plugin ...) TODO: check CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab Authentication Plug ...) TODO: check CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally co ...) TODO: check CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and earlier ...) TODO: check CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2 ...) TODO: check CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as C ...) TODO: check CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...) NOT-FOR-US: Jenkins Skytap Cloud CI Plugin CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...) Loading Loading @@ -13386,8 +13424,8 @@ CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer NOTE: https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917 CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...) NOT-FOR-US: Snipe-IT CVE-2019-10099 RESERVED CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...) TODO: check CVE-2019-10098 RESERVED CVE-2019-10097 Loading Loading @@ -26003,8 +26041,8 @@ CVE-2019-5478 RESERVED CVE-2019-5477 RESERVED CVE-2019-5476 RESERVED CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...) TODO: check CVE-2019-5475 RESERVED CVE-2019-5474 [Override Merge Request Approval Rules] Loading Loading 
@@ -54602,8 +54640,8 @@ CVE-2018-14385 RESERVED CVE-2018-14384 RESERVED CVE-2018-14383 RESERVED CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...) TODO: check CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...) NOT-FOR-US: InstantCMS CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...) Loading Loading @@ -159359,8 +159397,8 @@ CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to caus NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library) CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...) NOT-FOR-US: ovirt-engine CVE-2016-5431 RESERVED CVE-2016-5431 (TThe PHP JOSE Library by Gree Inc. version <= 2.2.0 is vulnerable t ...) TODO: check CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php ...) NOT-FOR-US: jose-php CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC c ...) Loading
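Review bot: In the first hunk (CVE-2019-14753 through CVE-2019-14734), CVE-2019-14745 (radare2) and CVE-2019-14744 (KDE Frameworks KConfig) are left at `TODO: check` even though both name software that is packaged in Debian. Triage these two ahead of the rest of the batch and give each a package line in the form already used for CVE-2019-14734 (`- adplug <unfixed>` followed by a `NOTE:` pointing at the upstream report), so they show up against the affected source packages instead of sitting in the unprocessed queue.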
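Review bot: In hunk `@@ -608,8 +646,8 @@`, CVE-2019-14474 is tagged `TODO: check` while the entries directly above and below it (CVE-2019-14475, CVE-2019-14473) are already `NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3`. The new description names the same product (eQ-3 Homematic CCU3), so the entry can take the same `NOT-FOR-US:` line as its neighbours and does not need a separate triage pass.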
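Review bot: In hunk `@@ -1138,36 +1176,36 @@`, the fifteen entries CVE-2016-10812 through CVE-2016-10798 all describe cPanel and are all left at `TODO: check`, while the surrounding context lines (CVE-2016-10814, CVE-2016-10813, CVE-2016-10797) are already `NOT-FOR-US: cPanel`. Suggest marking the whole run `NOT-FOR-US: cPanel` in one follow-up so the block is consistent and the TODO queue is not inflated with entries whose disposition is already settled by the adjacent lines.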
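Review bot: In hunk `@@ -12551,52 +12589,52 @@`, every newly described entry (CVE-2019-10389 through CVE-2019-10385 and CVE-2019-10382 through CVE-2019-10367) is a Jenkins plugin issue left at `TODO: check`, whereas the next context line, CVE-2019-10366, is already `NOT-FOR-US: Jenkins Skytap Cloud CI Plugin`. These can follow the same per-plugin `NOT-FOR-US:` pattern. CVE-2019-10367 is the one to handle separately: its description says it is an incomplete fix of CVE-2019-10343, so its disposition should match that entry and a `NOTE:` should cross-reference it.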
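Review bot: In hunk `@@ -159359,8 +159397,8 @@`, CVE-2016-5431 (PHP JOSE Library by Gree Inc.) is left at `TODO: check` although the two entries below it, CVE-2016-5430 and CVE-2016-5429, cover the same library and are `NOT-FOR-US: jose-php`. It should get the same line. The description also begins with "TThe"; if that spelling comes from the upstream feed, leave it as is so the next sync does not produce a spurious diff, otherwise correct it.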