Search Results (83112 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-10495 1 Qualcomm 72 Msm8909w, Msm8909w Firmware, Msm8996au and 69 more 2024-11-21 7.3 High
Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
CVE-2019-10494 1 Qualcomm 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more 2024-11-21 8.1 High
Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150
CVE-2019-10480 1 Qualcomm 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more 2024-11-21 7.8 High
Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9980, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130
CVE-2019-10479 1 Glory-global 2 Rbw-100, Rbw-100 Firmware 2024-11-21 N/A
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.
CVE-2019-10475 1 Jenkins 1 Build-metrics 2024-11-21 6.1 Medium
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
CVE-2019-10432 2 Jenkins, Redhat 2 Html Publisher, Openshift 2024-11-21 5.4 Medium
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
CVE-2019-10410 1 Jenkins 1 Log Parser 2024-11-21 5.4 Medium
Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.
CVE-2019-10406 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 4.8 Medium
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
CVE-2019-10405 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
CVE-2019-10404 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors.
CVE-2019-10403 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
CVE-2019-10402 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
CVE-2019-10401 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).
CVE-2019-10396 1 Jenkins 1 Dashboard View 2024-11-21 5.4 Medium
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
CVE-2019-10395 1 Jenkins 1 Build Environment 2024-11-21 5.4 Medium
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.
CVE-2019-10392 2 Jenkins, Redhat 2 Git Client, Openshift 2024-11-21 8.8 High
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVE-2019-10384 3 Jenkins, Oracle, Redhat 4 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift and 1 more 2024-11-21 8.8 High
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
CVE-2019-10383 3 Jenkins, Oracle, Redhat 4 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift and 1 more 2024-11-21 4.8 Medium
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
CVE-2019-10376 1 Jenkins 1 Wall Display 2024-11-21 6.1 Medium
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
CVE-2019-10374 1 Jenkins 1 Pegdown Formatter 2024-11-21 5.4 Medium
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.