CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
Source: CVE-2019-1003040
[월:] 2019년 03월
CVE-2019-1003042
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
Source: CVE-2019-1003042
CVE-2019-1003043
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Source: CVE-2019-1003043
CVE-2019-3710
CVE-2019-3710
Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system.
Source: CVE-2019-3710
CVE-2019-1003044
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Source: CVE-2019-1003044
CVE-2019-1003045
CVE-2019-1003045
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin’s configuration.
Source: CVE-2019-1003045
CVE-2019-1003046
CVE-2019-1003046
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.
Source: CVE-2019-1003046
CVE-2019-1003047
CVE-2019-1003047
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Source: CVE-2019-1003047
CVE-2019-7251
CVE-2019-7251
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
Source: CVE-2019-7251
CVE-2019-5737
CVE-2019-5737
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11.
Source: CVE-2019-5737