Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2301 | 1 Jenkins | 1 Active Directory | 2020-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | |||||
| CVE-2020-2300 | 1 Jenkins | 1 Active Directory | 2020-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | |||||
| CVE-2009-4484 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2020-11-09 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. | |||||
| CVE-2020-2307 | 1 Jenkins | 1 Kubernetes | 2020-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | |||||
| CVE-2017-14651 | 1 Wso2 | 17 Api Manager, App Manager, Application Server and 14 more | 2020-11-09 | 3.5 LOW | 4.8 MEDIUM |
| WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | |||||
| CVE-2020-11114 | 1 Qualcomm | 2 Ar9344, Ar9344 Firmware | 2020-11-09 | 5.8 MEDIUM | 8.8 HIGH |
| u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060,CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 | |||||
| CVE-2018-1000671 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2020-11-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. | |||||
| CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2020-11-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-27649 | 1 Synology | 1 Router Manager | 2020-11-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2020-11-09 | 3.5 LOW | N/A |
| MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | |||||
| CVE-2020-14352 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Backports Sle, Leap and 1 more | 2020-11-09 | 8.5 HIGH | 8.0 HIGH |
| A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | |||||
| CVE-2017-8244 | 1 Google | 1 Android | 2020-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | |||||
| CVE-2017-8245 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | |||||
| CVE-2017-8246 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. | |||||
| CVE-2020-11162 | 1 Qualcomm | 80 Agatti, Agatti Firmware, Apq8009 and 77 more | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-11164 | 1 Qualcomm | 60 Agatti, Agatti Firmware, Apq8096au and 57 more | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2011-4074 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2020-11-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command. | |||||
| CVE-2011-4075 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2020-11-09 | 7.5 HIGH | N/A |
| The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011. | |||||
| CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2020-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | |||||
| CVE-2020-26505 | 1 Marmind | 1 Marmind | 2020-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS. | |||||
| CVE-2008-3912 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-11-09 | 5.0 MEDIUM | N/A |
| libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. | |||||
| CVE-2016-10029 | 1 Qemu | 1 Qemu | 2020-11-09 | 2.1 LOW | 5.5 MEDIUM |
| The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. | |||||
| CVE-2020-5937 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-11-09 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. | |||||
| CVE-2020-5938 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-11-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | |||||
| CVE-2020-5931 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart. | |||||
| CVE-2020-5932 | 1 F5 | 1 Big-ip Application Security Manager | 2020-11-09 | 3.5 LOW | 4.8 MEDIUM |
| On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. | |||||
| CVE-2020-5933 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-11-09 | 7.8 HIGH | 7.5 HIGH |
| On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. | |||||
| CVE-2020-5934 | 1 F5 | 1 Big-ip Access Policy Manager | 2020-11-09 | 3.3 LOW | 6.5 MEDIUM |
| On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. | |||||
| CVE-2020-5935 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-11-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file. | |||||
| CVE-2020-5936 | 1 F5 | 1 Big-ip Local Traffic Manager | 2020-11-09 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. | |||||
| CVE-2016-8661 | 1 Obdev | 1 Little Snitch | 2020-11-09 | 7.2 HIGH | 8.4 HIGH |
| Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls. | |||||
| CVE-2017-2675 | 2 Obdev, Objective Development | 2 Little Snitch, Little Snitch | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons. | |||||
| CVE-2020-11125 | 1 Qualcomm | 96 Agatti, Agatti Firmware, Apq8009 and 93 more | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-11155 | 1 Qualcomm | 22 Apq8009, Apq8009 Firmware, Apq8053 and 19 more | 2020-11-09 | 8.3 HIGH | 8.8 HIGH |
| u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 | |||||
| CVE-2007-2650 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-11-09 | 4.3 MEDIUM | N/A |
| The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | |||||
| CVE-2018-19058 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2018-20650 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | |||||
| CVE-2018-20662 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2019-10018 | 1 Xpdfreader | 1 Xpdf | 2020-11-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | |||||
| CVE-2019-14494 | 3 Canonical, Fedoraproject, Freedesktop | 3 Ubuntu Linux, Fedora, Poppler | 2020-11-09 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | |||||
| CVE-2019-9959 | 1 Freedesktop | 1 Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | |||||
| CVE-2015-5262 | 3 Apache, Canonical, Fedoraproject | 3 Httpclient, Ubuntu Linux, Fedora | 2020-11-08 | 4.3 MEDIUM | N/A |
| http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | |||||
| CVE-2019-13314 | 1 Redhat | 1 Virt-bootstrap | 2020-11-07 | 2.1 LOW | 7.8 HIGH |
| virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. | |||||
| CVE-2020-3654 | 1 Qualcomm | 82 Agatti, Agatti Firmware, Apq8053 and 79 more | 2020-11-06 | 10.0 HIGH | 9.8 CRITICAL |
| u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-1909 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2020-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. | |||||
| CVE-2020-2306 | 1 Jenkins | 1 Mercurial | 2020-11-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | |||||
| CVE-2020-2309 | 1 Jenkins | 1 Kubernetes | 2020-11-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2020-2308 | 1 Jenkins | 1 Kubernetes | 2020-11-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | |||||
| CVE-2020-2303 | 1 Jenkins | 1 Active Directory | 2020-11-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | |||||
| CVE-2020-2313 | 1 Jenkins | 1 Azure Key Vault | 2020-11-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||