Vulnerabilities (CVE)

CWE filter: CWE-254

842 total CVE
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS
CVE-2019-5768 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 4.3
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
CVE-2019-9217 1 Gitlab 1 Gitlab 2019-04-17 7.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
CVE-2019-0732 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-04-17 4.6
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.
CVE-2019-9946 2 Kubernetes, Netapp 2 Kubernetes, Cloud Insights 2019-04-16 5.0
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the...
CVE-2019-0036 1 Juniper 1 Junos 2019-04-16 7.5
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without...
CVE-2019-1003041 1 Jenkins 1 Pipeline: Groovy 2019-04-16 7.5
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVE-2018-8014 4 Apache, Canonical, Netapp and 1 more 7 Tomcat, Ubuntu Linux, Oncommand Insight and 4 more 2019-04-15 7.5
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS...
CVE-2018-1304 5 Apache, Redhat, Debian and 2 more 8 Tomcat, Jboss Enterprise Web Server, Debian Linux and 5 more 2019-04-15 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...
CVE-2017-5664 1 Apache 1 Tomcat 2019-04-15 5.0
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
CVE-2016-6796 1 Apache 1 Tomcat 2019-04-15 5.0
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters...
CVE-2016-5018 1 Apache 1 Tomcat 2019-04-15 5.0
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web...
CVE-2019-9202 1 Nagios 1 Incident Manager 2019-04-15 6.5
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
CVE-2019-6156 1 Lenovo 101 510-15ikl Firmware, 510s-08ikl Firmware, 530s-07icb Firmware and 98 more 2019-04-12 2.1
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after...
CVE-2019-9658 1 Checkstyle 1 Checkstyle 2019-04-12 5.0
Checkstyle before 8.18 loads external DTDs by default.
CVE-2019-0041 1 Juniper 1 Junos 2019-04-11 5.0
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions...
CVE-2019-11065 2019-04-11 4.3
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the...
CVE-2019-1003034 1 Jenkins 1 Job Dsl 2019-04-10 6.5
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle,...
CVE-2019-1003031 1 Jenkins 1 Matrix Project 2019-04-10 6.5
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003030 1 Jenkins 1 Pipeline: Groovy 2019-04-10 6.5
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary...
CVE-2019-1003029 1 Jenkins 1 Script Security 2019-04-10 6.5
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,...