NVD List
Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
---|---|---|---|---|---|---|---|---|---|
19493 | CVE-2016-3725 | Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). | 2 | 5 | Medium | 2017-01-19 | 2016-07-14 | View | |
19494 | CVE-2016-3726 | Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. | 2 | 5.8 | Medium | 2017-01-19 | 2016-07-14 | View | |
19495 | CVE-2016-3727 | The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. | 2 | 4 | Medium | 2017-01-19 | 2016-07-14 | View | |
19496 | CVE-2016-3728 | Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. | 2 | 6.8 | Medium | 2017-01-19 | 2016-05-23 | View | |
85139 | CVE-2016-3729 | The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | 2017-04-27 | 2017-04-20 | View |
Page 15826 of 17672, showing 5 records out of 88360 total, starting on record 79126, ending on 79130