CVE-2019-1003004 CVSS:0.0
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the meantime. (Last Update:2019-01-23) (Publish Update:2019-01-22)
CVE-2019-1003003 CVSS:0.0
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. (Last Update:2019-01-23) (Publish Update:2019-01-22)
CVE-2019-1003002 CVSS:0.0
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. (Last Update:2019-01-22) (Publish Update:2019-01-22)
CVE-2019-1003001 CVSS:0.0
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. (Last Update:2019-01-22) (Publish Update:2019-01-22)
CVE-2019-1003000 CVSS:0.0
A sandbox bypass vulnerability exists in Script Security Plugin 2.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. (Last Update:2019-01-22) (Publish Update:2019-01-22)
CVE-2019-6780 CVSS:0.0
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. (Last Update:2019-01-24) (Publish Update:2019-01-24)
CVE-2019-6779 CVSS:0.0
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. (Last Update:2019-01-24) (Publish Update:2019-01-24)
CVE-2019-6777 CVSS:4.3
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. (Last Update:2019-01-24) (Publish Update:2019-01-24)
CVE-2019-6719 CVSS:0.0
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c. (Last Update:2019-01-23) (Publish Update:2019-01-23)
CVE-2019-6713 CVSS:0.0
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. (Last Update:2019-01-23) (Publish Update:2019-01-23)
This vulnerability list is provided by www.cvedetails.com