Max CVSS 6.5 Min CVSS 2.1 Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2020-2255 4.0
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
25-10-2023 - 18:16 16-09-2020 - 14:15
CVE-2019-16541 6.5
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
25-10-2023 - 18:16 21-11-2019 - 15:15
CVE-2020-2252 5.8
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
25-10-2023 - 18:16 16-09-2020 - 14:15
CVE-2020-2254 3.5
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
25-10-2023 - 18:16 16-09-2020 - 14:15
CVE-2020-16845 5.0
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
03-02-2023 - 02:28 06-08-2020 - 18:15
CVE-2020-8559 6.0
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise
27-01-2023 - 20:34 22-07-2020 - 14:15
CVE-2020-15586 4.3
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
03-12-2022 - 14:31 17-07-2020 - 16:15
CVE-2020-14370 4.0
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable
07-11-2022 - 20:15 23-09-2020 - 13:15
CVE-2020-8564 2.1
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.
29-03-2021 - 19:30 07-12-2020 - 22:15
CVE-2020-14040 5.0
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 deco
18-11-2020 - 14:44 17-06-2020 - 20:15
CVE-2020-14370 4.0
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable
29-09-2020 - 18:33 23-09-2020 - 13:15
CVE-2020-16845 5.0
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
24-09-2020 - 12:15 06-08-2020 - 18:15