3.11

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-28	CVE-2019-1003041	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-28	CVE-2019-1003040	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-26	CVE-2019-3826	A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. network low complexity prometheus redhat	6.1
2019-03-25	CVE-2019-7609	Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. network low complexity elastic redhat CWE-94 critical	10.0
2019-03-21	CVE-2019-7221	Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. local low complexity linux opensuse fedoraproject debian canonical netapp redhat CWE-416	7.8
2019-03-21	CVE-2018-20615	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. network low complexity haproxy opensuse canonical redhat CWE-125	7.5
2019-03-21	CVE-2018-12023	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. network high complexity fasterxml debian fedoraproject oracle redhat CWE-502	7.5
2019-03-21	CVE-2018-12022	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. network high complexity fasterxml debian fedoraproject oracle redhat CWE-502	7.5
2019-03-08	CVE-2019-9636	Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. network low complexity python fedoraproject opensuse debian canonical redhat oracle critical	9.8
2019-03-08	CVE-2019-1003034	A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. network low complexity jenkins redhat critical	9.9