Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-05 | CVE-2017-1000093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM: the Poll SCM Plugin was not requiring that requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | 8.8 |
2017-10-05 | CVE-2017-1000092 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT: the Git Plugin connects to a user-specified Git repository as part of form validation. | 7.5 |
2017-10-05 | CVE-2017-1000090 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy: the Role-based Authorization Strategy Plugin was not requiring that requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | 8.8 |
2017-10-05 | CVE-2017-1000086 | Missing Authorization vulnerability in Jenkins Periodic Backup: the Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. | 8.0 |
2017-10-04 | CVE-2017-8048 | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | 7.8 |
2017-10-04 | CVE-2017-1541 | Improper Input Validation vulnerability in IBM AIX: a flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. | 7.3 |
2017-10-04 | CVE-2017-15011 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT: the named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. | 7.5 |
2017-10-04 | CVE-2017-15010 | Resource Exhaustion vulnerability in Salesforce Tough-Cookie: a ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. | 7.5 |
2017-10-04 | CVE-2017-12820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware 7.50: arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | 7.5 |
2017-10-04 | CVE-2017-12818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware 7.50: stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | 7.5 |