2306 matches found
Design/Logic Flaw
In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...
CVE-2019-19084
In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...
CVE-2019-19084
CVE-2019-19084 affects Octopus Deploy server (versions 3.3.0–2019.10.4). An authenticated user with PackagePush permission can upload a specially crafted package, triggering an exception that reveals underlying operating system details. Consequences are exposure of OS information via error handli...
IBM UrbanCode Deploy File Download Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
IBM UrbanCode Deploy CVE-2019-4490 Security Bypass Vulnerability
Description: IBM UrbanCode Deploy is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. IBM UrbanCode Deploy versions 6.2.7 through 7.0.3 are vulnerable. Technologies Affected...
CVE-2019-10464
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...
CVE-2019-10465
CVE-2019-10465 affects the Jenkins Deploy WebLogic Plugin. The vulnerability is a missing permission check that allows users with Overall/Read access to connect to an attacker‑specified URL using attacker‑specified credentials or to probe for the existence of files/dirs on the Jenkins master file...
CVE-2019-10464
The CVE-2019-10464 entry concerns a cross-site request forgery in the Jenkins Deploy WebLogic Plugin. The underlying issue: the plugin does not perform permission checks in a form validation method and does not require POST for that validation, allowing authenticated Jenkins users (with Overall/R...
OpenAFS CVE-2019-18602 Information Disclosure Vulnerability
Description: OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23; OpenAFS 1.8.0 through 1.8.4. Technologies Affected: OpenAFS...
Code injection
Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager component: Exadata Plug-In Deploy and Ins. Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with...
CloudBees Jenkins Serena SRA Deploy Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a suite of Java-based continuous integration tools from the US-based CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Serena SRA Deploy Plugin is one of its plug-ins, used for the deployme...
Oracle Enterprise Manager CVE-2019-2895 Remote Security Vulnerability
Description: Oracle Enterprise Manager is prone to a remote security vulnerability in Enterprise Manager for Exadata. The vulnerability can be exploited over the 'HTTP' protocol. The 'Exadata Plug-In Deploy and Ins' component is affected. This vulnerability affects the following supported versions...
Juniper Junos CVE-2019-0050 Denial of Service Vulnerability
Description: Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected: Juniper Junos 15.1X49, Juniper Junos 15.1X49-D10, Juniper Junos 15.1X49-D100, Juniper Junos 15.1X49-D101, Juniper Junos 15.1X49-D110...
Microsoft Windows NTLM CVE-2019-1338 Security Bypass Vulnerability
Description: Microsoft Windows is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Technologies Affecte...
Palo Alto Networks Zingbox Inspector CVE-2019-15023 Information Disclosure Vulnerability
Description: Palo Alto Networks Zingbox Inspector is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected: Paloaltonetworks...
NetApp ONTAP Select Deploy Remote Command Execution Vulnerability
ONTAP Select Deploy is a management utility for deploying and managing ONTAP Select clusters. A remote command execution vulnerability exists in ONTAP Select Deploy 2.12, 2.12.1. An attacker could exploit this vulnerability to perform administrative operations...
NetApp ONTAP Select Deploy Information Disclosure Vulnerability (CNVD-2019-43849)
ONTAP Select Deploy is a management utility for deploying and managing ONTAP Select clusters. An information disclosure vulnerability exists in ONTAP Select Deploy. The vulnerability stems from the product transmitting credentials in plain text. An attacker could exploit this vulnerability to...