Wednesday, February 27, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (6 items)


New vulnerabilities from the NVD: CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
Published at: February 17, 2019 at 06:29PM

February 17, 2019 at 08:44PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
Published at: February 21, 2019 at 01:29AM

February 21, 2019 at 04:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Published at: February 21, 2019 at 05:29AM

February 21, 2019 at 08:57AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-5654 (yingzhipython)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage.
Published at: February 15, 2019 at 11:29PM

February 21, 2019 at 10:57PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10079

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
Published at: February 23, 2019 at 04:29PM

February 23, 2019 at 06:42PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10078

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
Published at: February 23, 2019 at 04:29PM

February 23, 2019 at 06:42PM

via National Vulnerability Database
