Skip to main content
CVE-2019-1003005 HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security
NVD GitHub
CVSS 3.1
8.8
EPSS
19.0%
CVE-2019-3822 CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-7548 HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-3823 HIGH POC PATCH This Week

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcurl Ubuntu Linux Debian Linux +4
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2019-3825 MEDIUM POC This Month

A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Gnome Display Manager Ubuntu Linux Enterprise Linux
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2019-7546 MEDIUM POC This Month

An issue was discovered in SIDU 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sidu
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7543 MEDIUM POC This Month

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kindeditor
NVD GitHub
CVSS 3.0
6.1
EPSS
3.2%
CVE-2019-3464 CRITICAL Act Now

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2019-3463 CRITICAL Act Now

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-7545 MEDIUM POC This Month

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbninja
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7544 MEDIUM POC This Month

An issue was discovered in MyWebSQL 3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mywebsql
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1003015 CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service Jenkins Job Import
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2019-7547 MEDIUM POC This Month

An issue was discovered in SIDU 6.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sidu
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-1003016 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-1003008 HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings Next Generation
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003007 HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003006 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-3820 MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-1003011 HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins Information Disclosure Token Macro +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-1003009 HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Active Directory
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2019-6517 MEDIUM This Month

BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Facslyric Facslyric Ivd
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-1003022 MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins CSRF Monitoring
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1003012 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1003023 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins Warnings Next Generation
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6504 MEDIUM This Month

Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Automic Workload Automation
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2019-1003019 MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation Jenkins Github Oauth
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2019-1003013 MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-1003017 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2019-1003014 MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Config File Provider Openshift Container Platform
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-1003021 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid Connect Authentication
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003020 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Kanboard
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-1003018 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Oauth
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003010 MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy