Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2020
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-09-16
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-09-16
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-09-16
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-09-16
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-09-16
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
CVSS Score
9.8
EPSS Score
0.025
Published
2020-09-16
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
CVSS Score
7.1
EPSS Score
0.006
Published
2020-09-16
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.025
Published
2020-09-16
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
6.7
EPSS Score
0.013
Published
2020-09-16
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-09-16


Contact Us

Shodan ® - All rights reserved