Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
report project report vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-10432
Jenkins HTML Publisher Plugin 1.20 and previous versions did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
Jenkins Html Publisher
5.3
CVSSv3
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d...
Golang Go
5.3
CVSSv3
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products...
Schneider-electric Custom Reports
Schneider-electric Igss Dashboard
Schneider-electric Igss Data Server
5.3
CVSSv3
CVE-2023-27977
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP ...
Schneider-electric Custom Reports
Schneider-electric Igss Dashboard
Schneider-electric Igss Data Server
5.3
CVSSv3
CVE-2019-19859
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.
Serpico Project Serpico 1.3.0
4.8
CVSSv3
CVE-2022-25220
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.
Petereport Project Petereport 0.5
4.8
CVSSv3
CVE-2019-19855
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
Serpico Project Serpico 1.3.0
4.8
CVSSv3
CVE-2019-19856
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
Serpico Project Serpico 1.3.0
4.8
CVSSv3
CVE-2019-19858
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
Serpico Project Serpico 1.3.0
4.7
CVSSv3
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script...
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Apport Project Apport -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »