Lucene search

2314 matches found

Cvelist
added 2019/11/21 3:40 p.m. | 24 views

CVE-2019-17272

All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges...

7.1 AI score | 0.01262 EPSS
Exploits: 0 | References: 1
Cvelist
added 2019/11/21 3:33 p.m. | 23 views

CVE-2019-5509

ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account...

9.5 AI score | 0.02275 EPSS
Exploits: 0 | References: 1
Symantec
added 2019/11/19 12:0 a.m. | 29 views

WordPress WP Maintenance Plugin CVE-2019-19979 Cross Site Request Forgery Vulnerability

Description: The WP Maintenance Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. WP Maintenance versions prior to 5.0...

8.8 AI score | 0.0063 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
CNVD
added 2019/11/19 12:0 a.m. | 4 views

Octopus Deploy Code Issue Vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A code issue vulnerability exists in Octopus Deploy, which can be exploited by an attacker with the help of a specially crafted package to disclose underlying...

4.3 CVSS | 6.9 AI score | 0.00689 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/11/19 12:0 a.m. | 1 view

Octopus Deploy Cross-Site Scripting Vulnerability (CNVD-2019-42443)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A cross-site scripting vulnerability exists in Octopus Server, which stems from the lack of proper validation of client-side data by the WEB application and can be...

5.4 CVSS | 6.5 AI score | 0.00615 EPSS
Exploits: 0 | References: 1
BDU FSTEC
added 2019/11/19 12:0 a.m. | 4 views

The vulnerability of the Exadata Plug-In Deploy and Install sub-component, as well as the Enterprise Manager for Exadata software platform of Oracle Enterprise Manager, allows a hacker to gain full control over the application.

The vulnerability of the Exadata Plug-In Deploy and Install component of the Enterprise Manager for Exadata software from Oracle involves access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using t...

7.5 CVSS | 7.3 AI score | 0.01215 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/11/18 4:15 p.m. | 3 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4.3 CVSS | 5.8 AI score | 0.00689 EPSS
Exploits: 0 | References: 1
NVD
added 2019/11/18 4:15 p.m. | 14 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4.3 CVSS | 4.5 AI score | 0.00689 EPSS
Exploits: 0 | References: 1
Prion
added 2019/11/18 4:15 p.m. | 19 views

Design/Logic Flaw

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4 CVSS | 4.6 AI score | 0.00689 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2019/11/18 3:36 p.m. | 64 views

CVE-2019-19084

CVE-2019-19084 affects Octopus Deploy server (versions 3.3.0–2019.10.4). An authenticated user with PackagePush permission can upload a specially crafted package, triggering an exception that reveals underlying operating system details. Consequences are exposure of OS information via error handli...

4.3 CVSS | 4.5 AI score | 0.00689 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/11/18 3:36 p.m. | 18 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4.6 AI score | 0.00689 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/11/18 12:0 a.m. | 1 view

IBM UrbanCode Deploy File Download Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

6.6 AI score
Exploits: 0 | References: 1
Symantec
added 2019/10/30 12:0 a.m. | 26 views

IBM UrbanCode Deploy CVE-2019-4490 Security Bypass Vulnerability

Description: IBM UrbanCode Deploy is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. IBM UrbanCode Deploy versions 6.2.7 through 7.0.3 are vulnerable. Technologies Affected...

1.5 AI score
Exploits: 0 | Affected Software: 1
NVD
added 2019/10/23 1:15 p.m. | 22 views

CVE-2019-10464

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...

8.8 CVSS | 8.6 AI score | 0.00767 EPSS
Exploits: 0 | References: 2
OSV
added 2019/10/23 1:15 p.m. | 12 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

4.3 CVSS | 6.8 AI score
Exploits: 0 | References: 2
Prion
added 2019/10/23 1:15 p.m. | 16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system...

6.8 CVSS | 8.5 AI score | 0.00767 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/10/23 12:45 p.m. | 27 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

4.4 AI score | 0.00788 EPSS
Exploits: 0 | References: 2
CVE
added 2019/10/23 12:45 p.m. | 60 views

CVE-2019-10464

The CVE-2019-10464 entry concerns a cross-site request forgery in the Jenkins Deploy WebLogic Plugin. The underlying issue: the plugin does not perform permission checks in a form validation method and does not require POST for that validation, allowing authenticated Jenkins users (with Overall/R...

8.8 CVSS | 8.5 AI score | 0.00767 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2019/10/23 12:45 p.m. | 60 views

CVE-2019-10465

CVE-2019-10465 affects the Jenkins Deploy WebLogic Plugin. The vulnerability is a missing permission check that allows users with Overall/Read access to connect to an attacker‑specified URL using attacker‑specified credentials or to probe for the existence of files/dirs on the Jenkins master file...

4.3 CVSS | 4.3 AI score | 0.00788 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Symantec
added 2019/10/22 12:0 a.m. | 21 views

OpenAFS CVE-2019-18602 Information Disclosure Vulnerability

Description: OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...

5 CVSS | 0.2 AI score | 0.01532 EPSS
Exploits: 0 | References: 2 | Affected Software: 1