| 225021 | 6.8 | MEDIUM Physical | hp | thinpro | In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose … | NVD-CWE-noinfo | CVE-2019-16287 | 2024-11-21 13:30 | 2019-11-23 |
| 225022 | 6.8 | MEDIUM Physical | hp | thinpro_linux | An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute a… | CWE-287 Improper Authentication | CVE-2019-16286 | 2024-11-21 13:30 | 2019-11-23 |
| 225023 | 4.6 | MEDIUM Physical | hp | thinpro_linux | If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. | CWE-200 Information Exposure | CVE-2019-16285 | 2024-11-21 13:30 | 2019-11-23 |
| 225024 | 7.8 | HIGH Local | centreon | centreon_web | Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-16406 | 2024-11-21 13:30 | 2019-11-22 |
| 225025 | 7.2 | HIGH Network | centreon | centreon_web | Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location setting… | NVD-CWE-noinfo | CVE-2019-16405 | 2024-11-21 13:30 | 2019-11-22 |
| 225026 | 8.8 | HIGH Network | jenkins | google_compute_engine | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | CWE-352 Origin Validation Error | CVE-2019-16548 | 2024-11-21 13:30 | 2019-11-22 |
| 225027 | 4.3 | MEDIUM Network | jenkins | google_compute_engine | Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugi… | CWE-862 Missing Authorization | CVE-2019-16547 | 2024-11-21 13:30 | 2019-11-22 |
| 225028 | 5.9 | MEDIUM Network | jenkins | google_compute_engine | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2019-16546 | 2024-11-21 13:30 | 2019-11-22 |
| 225029 | 6.5 | MEDIUM Network | qmetry | jenkins_qmetry_for_jira | Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-16545 | 2024-11-21 13:30 | 2019-11-22 |
| 225030 | 8.8 | HIGH Network | qmetry | jenkins_qmetry_for_jira | Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read per… | CWE-522 Insufficiently Protected Credentials | CVE-2019-16544 | 2024-11-21 13:30 | 2019-11-22 |