CVE-2019-1003002
- EPSS 81.55%
- Veröffentlicht 22.01.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:43
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permis...
CVE-2019-1003003
- EPSS 1.55%
- Veröffentlicht 22.01.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:43
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember M...
CVE-2019-1003004
- EPSS 1.62%
- Veröffentlicht 22.01.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:43
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indef...
CVE-2019-0542
- EPSS 3.18%
- Veröffentlicht 09.01.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:49
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
CVE-2018-14718
- EPSS 12.68%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-14719
- EPSS 9.68%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14720
- EPSS 7.52%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
- EPSS 10.46%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-19360
- EPSS 10.6%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:48
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-19361
- EPSS 10.6%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:48
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.