ASA-2019-00602 – Jenkins Dynatrace Application Monitoring Plugin: Cross-Site Request Forgery

Dynatrace Application Monitoring Plugin did not require POST requests on a method implementing form validation. This CSRF vulnerability allowed attackers to initiate a connection test to an attacker-specified server with attacker-specified username and password.

ASA-2019-00473 – Mikrotik RouterOS: Memory exhaustion via a crafted POST request

This vulnerability is similar to the CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It's because of the incomplete fix for the CVE-2018-1157.