Vulnerabilities: High risk

Each entry lists DATE  CVE  TITLE, then the description, then: attack vector | attack complexity | vendor | CWE | CVSS base score (RISK).
2017-10-05  CVE-2017-1000093  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM
  The Poll SCM Plugin did not require requests to its API to be sent via POST, which exposed it to Cross-Site Request Forgery attacks.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352 | CVSS: 8.8
2017-10-05  CVE-2017-1000092  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Git
  The Git Plugin connects to a user-specified Git repository as part of form validation.
  Attack vector: network | Attack complexity: high | Vendor: jenkins | CWE-352 | CVSS: 7.5
2017-10-05  CVE-2017-1000090  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy
  The Role-based Authorization Strategy Plugin did not require requests to its API to be sent via POST, which exposed it to Cross-Site Request Forgery attacks.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352 | CVSS: 8.8
2017-10-05  CVE-2017-1000086  Missing Authorization vulnerability in Jenkins Periodic Backup
  The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-862 | CVSS: 8.0
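The three Jenkins entries above (CVE-2017-1000093, CVE-2017-1000090 and CVE-2017-1000086) describe the same two plugin defects: a state-changing web method that Stapler binds to any HTTP method, so that a GET from an attacker-controlled page fires it with the victim's session and the Jenkins CSRF crumb is never consulted (crumbs are enforced only for POST), and a web method that runs without any `checkPermission` call, so that Overall/Read suffices. The following is an added example, not code from the Poll SCM, Role Strategy or Periodic Backup plugins; the `BackupAction` class, its `/backup` URL and the `doTriggerBackup*` method names are hypothetical, and the backup work is reduced to writing a marker file so the block is self-contained. It places the unprotected handler shape beside the hardened one that uses Stapler's `@RequirePOST` and Jenkins' permission check.

```java
// Added example: a Jenkins root action with a vulnerable and a hardened web method.
// Not code from any of the plugins named in the advisories above; names are hypothetical.
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.time.Instant;

public class BackupAction implements RootAction {

    // No sidebar link and no display name: the action is reachable only by URL.
    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return null; }
    // Bound at <jenkins-root>/backup/ ; web methods below become /backup/<name>.
    @Override public String getUrlName() { return "backup"; }

    // VULNERABLE shape (what the advisories describe).
    // Stapler dispatches /backup/triggerBackupVulnerable for GET as well as POST, so
    // <img src="https://jenkins.example/backup/triggerBackupVulnerable"> on an attacker's page
    // runs it with the victim's cookies, and no crumb is checked because Jenkins enforces
    // crumbs on POST only. There is also no permission check, so Overall/Read is enough.
    public HttpResponse doTriggerBackupVulnerable(StaplerRequest req) throws IOException {
        runBackup();
        return HttpResponses.ok();
    }

    // HARDENED shape.
    // @RequirePOST makes Stapler refuse any method other than POST, which in turn brings the
    // request under crumb validation; checkPermission throws AccessDeniedException unless the
    // caller holds Overall/Administer, so an authenticated but unprivileged user gets 403.
    @RequirePOST
    public HttpResponse doTriggerBackup(StaplerRequest req) throws IOException {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        runBackup();
        return HttpResponses.ok();
    }

    // Stand-in for the plugin's real work: record when a backup was last triggered.
    private void runBackup() throws IOException {
        File marker = new File(Jenkins.get().getRootDir(), "last-backup-trigger");
        Files.write(marker.toPath(),
                Instant.now().toString().getBytes(StandardCharsets.UTF_8));
    }
}
```

To verify a fix of this kind on a running instance, issue a plain GET to the hardened URL: with `@RequirePOST` in place Stapler answers with a 405 and a "This URL requires POST" page instead of performing the action, and a POST without a valid crumb is rejected by the crumb filter before the method runs. Then POST as a user who has only Overall/Read; the permission check should produce a 403. Both checks are cheap to add to a plugin's integration tests, and the Jenkins test harness (`JenkinsRule` with `createWebClient()`) can drive them without a live server.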
2017-10-04  CVE-2017-8048  Arbitrary code execution on the Cloud Controller VM in Cloud Foundry capi-release and cf-release (regression introduced by the fix for CVE-2017-8033)
  In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0, and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.
  Attack vector: local | Attack complexity: low | Vendor: cloudfoundry, pivotal | CWE: not listed | CVSS: 7.8
2017-10-04  CVE-2017-1541  Improper Input Validation vulnerability in IBM AIX
  A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly.
  Attack vector: network | Attack complexity: low | Vendor: ibm | CWE-20 | CVSS: 7.3
2017-10-04  CVE-2017-15011  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qt
  The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
  Attack vector: network | Attack complexity: low | Vendor: qt | CWE-119 | CVSS: 7.5
2017-10-04  CVE-2017-15010  Resource Exhaustion vulnerability in Salesforce tough-cookie
  A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js.
  Attack vector: network | Attack complexity: low | Vendor: salesforce | CWE-400 | CVSS: 7.5
2017-10-04  CVE-2017-12820  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware 7.50
  An arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
  Attack vector: network | Attack complexity: low | Vendor: sentinel (Gemalto) | CWE-119 | CVSS: 7.5
2017-10-04  CVE-2017-12818  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware 7.50
  A stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
  Attack vector: network | Attack complexity: low | Vendor: sentinel (Gemalto) | CWE-119 | CVSS: 7.5