Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2017-1000411 (CVSS 7.5, HIGH)

    OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different...

    Affected Products: openflow, opendaylight
    • EPSS Score: 0.93%
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000409 (CVSS 7.0, HIGH)

    A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366....

    Affected Products: glibc
    • EPSS Score: 1.77%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000408 (CVSS 7.8, HIGH)

    A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366....

    Affected Products: glibc
    • EPSS Score: 1.54%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000404 (CVSS 6.1, MEDIUM)

    The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs....

    Affected Products: delivery_pipeline
    • EPSS Score: 0.05%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000403 (CVSS 8.8, HIGH)

    Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts....

    Affected Products: speaks!
    • EPSS Score: 0.10%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000402 (CVSS 5.9, MEDIUM)

    Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks....

    Affected Products: swarm
    • EPSS Score: 0.03%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000401 (CVSS 2.2, LOW)

    The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being lo...

    Affected Products: jenkins
    • EPSS Score: 0.03%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000400 (CVSS 4.3, MEDIUM)

    The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of It...

    Affected Products: jenkins
    • EPSS Score: 0.04%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000399 (CVSS 4.3, MEDIUM)

    The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e....

    Affected Products: jenkins
    • EPSS Score: 0.15%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000398 (CVSS 4.3, MEDIUM)

    The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no ac...

    Affected Products: jenkins
    • EPSS Score: 0.08%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000397 (CVSS 5.9, MEDIUM)

    Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a...

    Affected Products: maven
    • EPSS Score: 0.03%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000396 (CVSS 5.9, MEDIUM)

    Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely us...

    Affected Products: jenkins
    • EPSS Score: 0.02%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000395 (CVSS 4.3, MEDIUM)

    Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses i...

    Affected Products: jenkins
    • EPSS Score: 0.07%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000394 (CVSS 7.5, HIGH)

    Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with...

    Affected Products: jenkins
    • EPSS Score: 0.40%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000393 (CVSS 9.0, HIGH)

    In Jenkins 2.73.1 and earlier, 2.83 and earlier, users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the ...

    Affected Products: jenkins
    • EPSS Score: 0.60%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000392 (CVSS 4.8, MEDIUM)

    In Jenkins 2.88 and earlier and 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacte...

    Affected Products: jenkins
    • EPSS Score: 0.11%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000391 (CVSS 7.3, HIGH)

    Jenkins versions 2.88 and earlier and 2.73.2 and earlier store metadata related to 'people', which encompasses actual user accounts as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user I...

    Affected Products: jenkins
    • EPSS Score: 0.19%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000390 (CVSS 4.3, MEDIUM)

    Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build....

    Affected Products: multijob
    • EPSS Score: 0.02%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000389 (CVSS 6.1, MEDIUM)

    Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a ...

    Affected Products: global-build-stats
    • EPSS Score: 0.06%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000388 (CVSS 4.3, MEDIUM)

    Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data....

    Affected Products: dependency_graph_viewer
    • EPSS Score: 0.03%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291593 Results