CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVE-2019-19376

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

CVE-2019-19376

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

Input validation

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

Cross site request forgery (csrf)

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVE-2019-19376

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14...

CVE-2019-19376

In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypassed input validation and caused an application‑level denial of service. The fix was backported to LTS 2019.9.8 and LTS 2019.6.14, addressing the issue without cha...

CVE-2019-19375

Octopus Deploy before 2019.10.7 could send the CSRF cookie without the secure attribute in configurations with SSL offloading. Root cause is the CSRF cookie not being marked secure under those conditions. The issue was addressed by backporting the fix to LTS branches 2019.6.14 and 2019.9.8, and t...

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

Octopus Deploy has an unspecified vulnerability (CNVD-2019-46262)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 2019.10.7 that stems from a CSRF cookie sometimes missing the secure attribute when SSL offloadin...

NetApp ONTAP Select Deploy Code Injection Vulnerability

ONTAP Select Deploy is a management utility for deploying and managing ONTAP Select clusters. A code injection vulnerability exists in ONTAP Select Deploy. An attacker could exploit the vulnerability to enable and use privileged user accounts...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

Code injection

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

Code injection

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

CVE-2019-17272

Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and CVE records.

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

WordPress WP Maintenance Plugin CVE-2019-19979 Cross Site Request Forgery Vulnerability

Description The WP Maintenance Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. WP Maintenance versions prior to 5.0...