Total: 8119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10057 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2024-11-21 | N/A |
| Various Lexmark products have CSRF. | ||||
| CVE-2019-1010112 | 1 Phpcoo | 1 Oecms | 2024-11-21 | N/A |
| OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3. | ||||
| CVE-2019-1010096 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | ||||
| CVE-2019-1010095 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | ||||
| CVE-2019-1010094 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | ||||
| CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A |
| Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access malicious urls. | ||||
| CVE-2019-1003098 | 1 Jenkins | 1 Openid | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003090 | 1 Jenkins | 1 Soasta Cloudtest | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003086 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003084 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003082 | 1 Jenkins | 1 Gearman | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003080 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003078 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003076 | 1 Jenkins | 1 Audit To Database | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003058 | 1 Jenkins | 1 Ftp Publisher | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003046 | 1 Jenkins | 1 Fortify On Demand Uploader | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003044 | 1 Jenkins | 1 Slack Notification | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-1003022 | 1 Jenkins | 1 Monitoring | 2024-11-21 | N/A |
| A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. | ||||
| CVE-2019-1003017 | 1 Jenkins | 1 Job Import | 2024-11-21 | N/A |
| A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | ||||