Lucene search
K

400 matches found

NVD
NVD
added 2019/04/30 9:29 p.m.24 views

CVE-2019-3929

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS10AI score0.98952EPSS
Exploits10References5
Prion
Prion
added 2019/02/20 9:29 p.m.27 views

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...

6.5CVSS8.9AI score0.0299EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2019/02/20 9:29 p.m.27 views

CVE-2019-1003024

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...

8.8CVSS7.3AI score
Exploits0References3
Prion
Prion
added 2019/02/06 4:29 p.m.18 views

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...

6.5CVSS8.9AI score0.0155EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/02/06 4:29 p.m.35 views

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...

6.5CVSS8.8AI score0.19042EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2019/02/06 4:29 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

6.8CVSS8.8AI score0.01151EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/02/06 4:29 p.m.28 views

CVE-2019-1003007

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.8CVSS8.9AI score0.0121EPSS
Exploits0References1
Prion
Prion
added 2019/02/06 4:29 p.m.16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

6.8CVSS8.8AI score0.0121EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/02/06 4:29 p.m.26 views

CVE-2019-1003005

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...

8.8CVSS7.3AI score
Exploits0References3
Cvelist
Cvelist
added 2019/02/06 4:0 p.m.24 views

CVE-2019-1003006

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...

9AI score0.0155EPSS
Exploits0References1
CVE
CVE
added 2019/02/06 4:0 p.m.57 views

CVE-2019-1003007

The CVE-2019-1003007 entry describes a CSRF vulnerability in Jenkins Warnings Plugin (versions 5.0.0 and earlier) affecting the GroovyParser.java form validation HTTP endpoint. The underlying issue allows attackers to execute arbitrary code via CSRF, with the affected component being the GroovyPa...

8.8CVSS8.8AI score0.0121EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2019/02/06 4:0 p.m.26 views

CVE-2019-1003007

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.8CVSS6AI score0.0121EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/02/06 4:0 p.m.37 views

CVE-2019-1003007

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...

8.9AI score0.0121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/02/06 12:0 a.m.6 views

PT-2019-2297 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.50 and earlier Description: The issue is related to errors in handling Groovy scripts, which can be exploited by a remote attacker to bypass the sandbox and execute arbitrary code on the Jenkins maste...

8.8CVSS9.4AI score0.19042EPSS
Exploits3References14
Prion
Prion
added 2019/01/22 2:29 p.m.22 views

Security feature bypass

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

6.5CVSS8.9AI score0.81552EPSS
Exploits9References6Affected Software1
OSV
OSV
added 2019/01/22 2:29 p.m.31 views

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

8.8CVSS7.3AI score
Exploits0References6
Cvelist
Cvelist
added 2019/01/22 2:0 p.m.39 views

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

8.9AI score0.81552EPSS
Exploits9References6
Cvelist
Cvelist
added 2019/01/22 2:0 p.m.24 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

8.9AI score0.86224EPSS
Exploits9References6
NVD
NVD
added 2018/12/13 2:29 p.m.25 views

CVE-2018-8033

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5CVSS7.4AI score0.25743EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.23 views

CVE-2017-16035

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this...

8AI score0.00732EPSS
Exploits0References1
Rows per page
Query Builder