Log

CVE-2018-1999006 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ Files indicating when a plugin JPI file was last extracted into a subdirectory of plugins/ in the Jenkins home directory were accessible via HTTP by users with Overall/Read permission before Jenkins 2.133. This allowed unauthorized users to determine the likely install date of a given plugin.
References
+ https://jenkins.io/security/advisory/2018-07-18/
Notes
CVE-2018-1999007 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ Stapler is the web framework used by Jenkins to route HTTP requests. When its debug mode is enabled, HTTP 404 error pages display diagnostic information. Those error pages did not escape parts of URLs they displayed before Jenkins 2.133, in rare cases resulting in a cross-site scripting vulnerability.
References
+ https://jenkins.io/security/advisory/2018-07-18/
Notes
CVE-2018-1999023 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ "The Battle for Wesnoth", which allows arbitrary code execution by exploiting a vulnerability within the Lua scripting language engine which allows escaping existing sandbox measures in place and executing untrusted bytecode
References
+ http://www.openwall.com/lists/oss-security/2018/07/20/1
+ https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
Notes
CVE-2018-1999024 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Cross-site scripting
Description
+ A security issue has been found in MathJax versions prior to version 2.7.4, which contain a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in potentially untrusted Javascript running within a web browser, for example at notebook load.
References
+ https://blog.jupyter.org/security-fix-for-jupyter-notebook-450f272b6932
Notes
CVE-2018-1999043 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in Jenkins version prior to 2.146. When attempting to authenticate using API token, an ephemeral user record was created to validate the token in case an external security realm was used, and the user record in Jenkins not previously saved, as (legacy) API tokens could exist without a persisted user record.
+ This behavior could be abused to create a large number of ephemeral user records in memory.
References
+ https://jenkins.io/security/advisory/2018-10-10/
Notes
CVE-2018-20002 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=23952
+ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
Notes
CVE-2018-20004 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
References
+ https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0
+ https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node
+ https://github.com/michaelrsweet/mxml/issues/233
Notes
CVE-2018-20005 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
References
+ https://github.com/michaelrsweet/mxml/commit/eadf40fa7049e43dd5757df5945e9ec1c491e8a4
+ https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext
Notes
CVE-2018-20102 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A stack-based out-of-bounds read has been found in HAProxy before 1.8.15, in the dns_validate_dns_response() function in dns.c, where it can be triggered by a crafted DNS packet.
References
+ https://www.mail-archive.com/haproxy@formilux.org/msg32055.html
+ https://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=2e53fe850be462dab2c1141f044a94d248d68bfe
+ https://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=12e27845513f87fe2df88e5795d0273f0b992a91
Notes
CVE-2018-20103 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A stack-exhaustion issue has been found in HAProxy before 1.8.15, in the dns_read_name() function in dns.c, where an infinite recursion can be triggered via a crafted DNS packet.
References
+ https://www.mail-archive.com/haproxy@formilux.org/msg32055.html
+ https://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=2b514b24f71af8ff8c6593636850b9a312a05278
Notes