CVE-2019-7221
- EPSS 0.81%
- Veröffentlicht 21.03.2019 16:01:10
- Zuletzt bearbeitet 21.11.2024 04:47:46
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2018-20615
- EPSS 4.46%
- Veröffentlicht 21.03.2019 16:00:36
- Zuletzt bearbeitet 21.11.2024 04:01:51
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s...
CVE-2018-12022
- EPSS 7.29%
- Veröffentlicht 21.03.2019 16:00:12
- Zuletzt bearbeitet 21.11.2024 03:44:25
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...
CVE-2018-12023
- EPSS 8.87%
- Veröffentlicht 21.03.2019 16:00:12
- Zuletzt bearbeitet 21.11.2024 03:44:26
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...
CVE-2019-1003029
- EPSS 73.85%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 24.10.2025 14:49:04
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/Secure...
CVE-2019-1003030
- EPSS 75.59%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 24.10.2025 20:48:13
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary cod...
CVE-2019-1003031
- EPSS 3.39%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:46
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003034
- EPSS 2.96%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:46
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/...
CVE-2019-9636
- EPSS 8.81%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:01
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a ...
CVE-2019-1003024
- EPSS 2.99%
- Veröffentlicht 20.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:45
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitr...