CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19085
https://notcve.org/view.php?id=CVE-2019-19085
18 Nov 2019 — A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. Una vulnerabilidad de tipo cross-site scripting (XSS) persistente en Octopus Server versiones 3.4.0 hasta 2019.10.5, tiene a atacantes autenticados remotos inyectar script web o HTML arbitrario. • https://github.com/OctopusDeploy/Issues/issues/5961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15508
https://notcve.org/view.php?id=CVE-2019-15508
23 Aug 2019 — In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. En las versiones 3.0.8 a 5.0.0 de Octopus Tentacle, cuando se configura un proxy de solicitud web, un usuario autenticado (en determinadas circunstancias limitadas de OctopusPrintVaria... • https://github.com/OctopusDeploy/Issues/issues/5750 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5748
https://notcve.org/view.php?id=CVE-2019-5748
09 Jan 2019 — In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. En la versión 4.2 de Traccar Server, protocol/SpotProtocolDecoder.java podría permitir ataques de XEE (XML External Entity). • https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf • CWE-611: Improper Restriction of XML External Entity Reference •