CVE-2024-34144

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-693
View all →

Vulnerability Description

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Related Vulnerabilities

CVE-2013-2465

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remot...

CWE-6932013

CVE-2017-3197

CRITICAL
CVSS:9.8(Critical)

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not ...

CWE-6932017

CVE-2017-8864

CRITICAL
CVSS:9.8(Critical)

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demo...

CWE-6932017

CVE-2018-9311

CRITICAL
CVSS:9.8(Critical)

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CWE-6932018

CVE-2018-9318

CRITICAL
CVSS:9.8(Critical)

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CWE-6932018

CVE-2021-27497

CRITICAL
CVSS:9.8(Critical)

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CWE-6932021