Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-11718: Security vulnerabilities fixed in Firefox 68

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.

CVE
#xss#csrf#vulnerability#web#android#perl#dell#firefox#ssl
CVE-2019-10346: Jenkins Security Advisory 2019-07-11

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

CVE-2019-10349: Jenkins Security Advisory 2019-07-11

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

CVE-2019-10340: Jenkins Security Advisory 2019-07-11

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2019-5979: WooHero WooCommerce Store Customizer

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-5984: Custom CSS Pro

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-5983: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery

Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-10101: JetBrains Security Bulletin Q1 2019 | JetBrains News

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

CVE-2019-12181: Serv-U File Server 15.1.7 Release Notes

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

CVE-2018-10690: Moxa_AWK_1121/Moxa_AWK_1121 at master · samuelhuntley/Moxa_AWK_1121

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.