Vulnerabilities (CVE)

CWE filter

CWE-254

589 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10894 2 Xtrlock Project, Debian 2 Xtrlock, Debian Linux 2019-10-15 2.1
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even...
CVE-2019-5421 1 Plataformatec 1 Devise 2019-10-09 N/A
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location:...
CVE-2019-4310 1 Ibm 1 Security Guardium Big Data Intelligence 2019-10-09 5.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.
CVE-2019-4058 1 Ibm 1 Bigfix Platform 2019-10-09 4.0
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
CVE-2019-3808 1 Moodle 1 Moodle 2019-10-09 4.0
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain...
CVE-2019-3806 1 Powerdns 1 Recursor 2019-10-09 6.8
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
CVE-2019-11405 2019-10-09 5.8
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.
CVE-2019-11404 1 Arrow-kt 1 Arrow 2019-10-09 4.3
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
CVE-2019-10380 1 Jenkins 1 Simple Travis Pipeline Runner 2019-10-09 6.5
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
CVE-2019-10306 1 Jenkins 1 Ontrack 2019-10-09 6.5
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
CVE-2019-10249 2019-10-09 6.8
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
CVE-2019-1003024 2 Jenkins, Redhat 2 Script Security, Openshift Container Platform 2019-10-09 6.5
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in...
CVE-2019-1003002 2 Jenkins, Redhat 2 Pipeline: Declarative, Openshift Container Platform 2019-10-09 6.5
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read...
CVE-2019-1003001 2 Jenkins, Redhat 2 Pipeline: Groovy, Openshift Container Platform 2019-10-09 6.5
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows...
CVE-2019-0048 1 Juniper 1 Junos 2019-10-09 5.0
On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly...
CVE-2019-0041 1 Juniper 1 Junos 2019-10-09 5.0
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions...
CVE-2019-0036 1 Juniper 1 Junos 2019-10-09 7.5
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without...
CVE-2019-0007 1 Juniper 1 Junos 2019-10-09 7.5
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base...
CVE-2018-6336 2019-10-09 6.8
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code...
CVE-2018-1956 1 Ibm 1 Security Identity Manager 2019-10-09 5.0
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.