Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
publisher vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-1003067
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Trac Publisher
10
CVSSv2
CVE-2015-8277
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher prior to 11.13.1.2 Security Update 1 allow remote malicious users to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
Flexerasoftware Flexnet Publisher
1 Github repository
9.3
CVSSv2
CVE-2010-3955
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote malicious users to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corrupt...
Microsoft Publisher 2002
NA
CVE-2023-37959
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Sumologic Publisher
5
CVSSv2
CVE-2020-2114
Jenkins S3 publisher Plugin 0.11.4 and previous versions transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Jenkins S3 Publisher
10
CVSSv2
CVE-2007-1117
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote malicious users to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable i...
Microsoft Publisher 2007
3.5
CVSSv2
CVE-2019-10432
Jenkins HTML Publisher Plugin 1.20 and previous versions did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
Jenkins Html Publisher
NA
CVE-2022-41231
Jenkins Build-Publisher Plugin 1.22 and previous versions allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.
Jenkins Build-publisher
NA
CVE-2022-41232
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and previous versions allows malicious users to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
Jenkins Build-publisher
2.1
CVSSv2
CVE-2019-10426
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Gem Publisher
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »