High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-28	CVE-2018-16889	Information Exposure Through Log Files vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. network low complexity redhat CWE-532	7.5
2019-01-25	CVE-2018-16881	Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. network low complexity rsyslog redhat debian CWE-190	7.5
2019-01-22	CVE-2019-1003004	An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. network low complexity jenkins redhat	7.2
2019-01-22	CVE-2019-1003003	An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. network low complexity jenkins redhat	7.2
2019-01-22	CVE-2019-1003002	A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. network low complexity jenkins redhat	8.8
2019-01-22	CVE-2019-1003001	A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. network low complexity jenkins redhat	8.8
2019-01-22	CVE-2019-1003000	A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. network low complexity jenkins redhat	8.8
2019-01-16	CVE-2017-3145	Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. network low complexity isc redhat debian netapp juniper CWE-416	7.5
2019-01-16	CVE-2019-2534	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). network low complexity oracle canonical netapp redhat	7.1
2019-01-14	CVE-2018-16886	Improper Authentication vulnerability in multiple products etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. network high complexity etcd redhat fedoraproject CWE-287	8.1