вторник, 29 септември 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (15 items)


New vulnerabilities from the NVD: CVE-2018-1985

IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.
Published at: August 24, 2020 at 07:15PM
View on website

August 24, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14904

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Published at: August 26, 2020 at 06:15AM
View on website

August 26, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18847

Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.
Published at: August 26, 2020 at 05:15PM
View on website

August 26, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4692

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4691

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4689

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4688

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4686

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-1501

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.
Published at: August 26, 2020 at 10:15PM
View on website

August 26, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
Published at: August 28, 2020 at 01:15AM
View on website

August 28, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10517

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
Published at: August 28, 2020 at 01:15AM
View on website

August 28, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4579

IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
Published at: August 28, 2020 at 06:15PM
View on website

August 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4533

IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589.
Published at: August 28, 2020 at 06:15PM
View on website

August 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19499

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Published at: August 28, 2020 at 06:15PM
View on website

August 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18392

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: August 28, 2020 at 06:15PM
View on website

August 28, 2020 at 07:36PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар