Total
31465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10356 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
| CVE-2019-10306 | 1 Jenkins | 1 Ontrack | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-10271 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter. | |||||
| CVE-2019-10256 | 1 Vivotek | 1 Camera | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. | |||||
| CVE-2019-10211 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | |||||
| CVE-2019-10169 | 1 Redhat | 1 Keycloak | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application. | |||||
| CVE-2019-10134 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded. | |||||
| CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2019-10065 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753. | |||||
| CVE-2019-10058 | 1 Lexmark | 148 6500e, 6500e Firmware, C734 and 145 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Various Lexmark products have Incorrect Access Control. | |||||
| CVE-2019-1020017 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | |||||
| CVE-2019-1010221 | 1 Lineageos | 1 Lineageos | 2024-11-21 | 4.4 MEDIUM | 6.8 MEDIUM |
| LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by `adb root` can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800, https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled, and an attacker has physical access, `adb shell setprop service.adb.root 1` allows restarting adb as root. | |||||
| CVE-2019-1010155 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage. | |||||
| CVE-2019-1010083 | 1 Palletsprojects | 1 Flask | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. | |||||
| CVE-2019-1010023 | 1 Gnu | 1 Glibc | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
| ** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." | |||||
| CVE-2019-1003034 | 2 Jenkins, Redhat | 2 Job Dsl, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003033 | 1 Jenkins | 1 Groovy | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003032 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003031 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003024 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | |||||