Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-19142: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

CVE
#xss#csrf#vulnerability#ios#android#java#intel#auth#xiaomi#wifi
CVE-2020-2094: Jenkins Security Advisory 2020-01-15

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

CVE-2020-2091: Jenkins Security Advisory 2020-01-15

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

CVE-2020-2096: Jenkins Security Advisory 2020-01-15

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

CVE-2019-12273

** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists.

CVE-2019-19833: Comparing v2.1.9...v2.1.10-beta · Tautulli/Tautulli

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

CVE-2019-16564: Jenkins Security Advisory 2019-12-17

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.

CVE-2019-16562: Jenkins Security Advisory 2019-12-17

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.

CVE-2019-16563: Jenkins Security Advisory 2019-12-17

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.

CVE-2014-0197: Invalid Bug ID

CVE-2014-0197 CFME: CSRF protection vulnerability in referrer header