Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2019
CVE-2019-10393
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
4.2
EPSS Score
0.002
Published
2019-09-12
CVE-2019-10394
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
4.2
EPSS Score
0.002
Published
2019-09-12
CVE-2019-10395
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-12
CVE-2019-10396
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-12
CVE-2019-10397
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
CVSS Score
3.1
EPSS Score
0.0
Published
2019-09-12
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-12
CVE-2019-10399
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
4.2
EPSS Score
0.002
Published
2019-09-12
CVE-2019-10400
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
4.2
EPSS Score
0.002
Published
2019-09-12
CVE-2019-16256
Known exploited
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVSS Score
9.8
EPSS Score
0.612
Published
2019-09-12
CVE-2019-16257
Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved