Skip to main content
CVE-2019-1003002 HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
81.6%
CVE-2019-1003001 HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
86.2%
CVE-2019-1003000 HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.4%
CVE-2019-6510 HIGH POC This Week

An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Insight
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6509 HIGH POC This Week

An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Insight
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6508 HIGH POC This Week

An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Insight
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6507 HIGH POC This Week

An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Insight
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6502 HIGH POC This Week

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opensc
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-6338 HIGH PATCH This Week

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Drupal Debian Linux
NVD
CVSS 3.0
8.0
EPSS
2.1%
CVE-2019-1003004 HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-1003003 HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy