CVE-2019-19376

In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypassed input validation and caused an application‑level denial of service. The fix was backported to LTS 2019.9.8 and LTS 2019.6.14, addressing the issue without cha...

CVE-2019-19376

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVE-2019-19375

Octopus Deploy before 2019.10.7 could send the CSRF cookie without the secure attribute in configurations with SSL offloading. Root cause is the CSRF cookie not being marked secure under those conditions. The issue was addressed by backporting the fix to LTS branches 2019.6.14 and 2019.9.8, and t...

Octopus Deploy has an unspecified vulnerability (CNVD-2019-46262)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 2019.10.7 that stems from a CSRF cookie sometimes missing the secure attribute when SSL offloadin...

NetApp ONTAP Select Deploy Code Injection Vulnerability

ONTAP Select Deploy is a management utility for deploying and managing ONTAP Select clusters. A code injection vulnerability exists in ONTAP Select Deploy. An attacker could exploit the vulnerability to enable and use privileged user accounts...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

Code injection

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

Code injection

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

CVE-2019-17272

Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE records.

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

WordPress WP Maintenance Plugin CVE-2019-19979 Cross Site Request Forgery Vulnerability

Description The WP Maintenance Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. WP Maintenance versions prior to 5.0...

Octopus Deploy Cross-Site Scripting Vulnerability (CNVD-2019-42443)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A cross-site scripting vulnerability exists in Octopus Server, which stems from the lack of proper validation of client-side data by the WEB application and can be...

Octopus Deploy Code Issue Vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A code issue vulnerability exists in Octopus Deploy, which can be exploited by an attacker with the help of a specially crafted package to disclose underlying...

The vulnerability of the Exadata Plug-In Deploy and Install sub-component, as well as the Enterprise Manager for Exadata software platform of Oracle Enterprise Manager, allows a hacker to gain full control over the application.

The vulnerability of the Exadata Plug-In Deploy and Install component of the Enterprise Manager for Exadata software from Oracle involves access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using t...

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...