Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16752 | 3 Dash, Officialdapscoin, Pivx | 3 Dash Core, Decentralized Anonymous Payment System, Private Instant Verified Transactions | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0. | |||||
| CVE-2019-16721 | 1 5none | 1 Nonecms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | |||||
| CVE-2019-16719 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | |||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | |||||
| CVE-2019-16678 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | |||||
| CVE-2019-16677 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | |||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | |||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | |||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | |||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | |||||
| CVE-2019-16575 | 1 Jenkins | 1 Alauda Kubernetes Support | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | |||||
| CVE-2019-16573 | 1 Jenkins | 1 Alauda Devops Pipeline | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-16570 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | |||||
| CVE-2019-16569 | 1 Jenkins | 1 Mantis | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | |||||
| CVE-2019-16565 | 1 Jenkins | 1 Team Concert | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-16560 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | |||||
| CVE-2019-16553 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | |||||
| CVE-2019-16551 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | |||||
| CVE-2019-16550 | 1 Jenkins | 1 Maven | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | |||||
| CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | |||||