Total: 715 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10734 | 1 Trojita Project | 1 Trojita | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
CVE-2019-10732 | 2 Debian, Kde | 2 Debian Linux, Kmail | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
CVE-2019-10435 | 1 Jenkins | 1 Sourcegear Vault | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10434 | 1 Jenkins | 1 Ldap Email | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10428 | 1 Jenkins | 1 Aqua Security Scanner | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10427 | 1 Jenkins | 1 Aqua Microscanner | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10412 | 1 Jenkins | 1 Inedo Proget | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10397 | 1 Jenkins | 1 Aqua Security Severless Scanner | 2024-11-21 | 2.6 LOW | 3.1 LOW |
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10391 | 1 Jenkins | 1 Ibm Application Security On Cloud | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10363 | 1 Jenkins | 1 Configuration As Code | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | |||||
CVE-2019-10251 | 1 Ucweb | 1 Uc Browser | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. | |||||
CVE-2019-10250 | 2 Microsoft, Ucweb | 2 Windows, Uc Browser | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. | |||||
CVE-2019-10240 | 1 Eclipse | 1 Hawkbit | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected. | |||||
CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
CVE-2019-1010260 | 1 Ktlint Project | 1 Ktlint | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261. | |||||
CVE-2019-0348 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. | |||||
CVE-2019-0346 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure. | |||||
CVE-2019-0231 | 1 Apache | 1 Mina | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA. |