Weekly Update: a new vulnerability is published on the National Vulnerability Database (8 items)

New vulnerabilities from the NVD: CVE-2017-0938 Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. Published at: February 13, 2019 at 12:29AM View on website February 13, 2019 at 02:15AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-0696 OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. Published at: February 13, 2019 at 08:29PM View on website February 13, 2019 at 10:59PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-1695 IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. Published at: February 15, 2019 at 10:29PM View on website February 16, 2019 at 12:59AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-4617 Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. Published at: February 15, 2019 at 11:29PM View on website February 16, 2019 at 02:59AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-4615 Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables Published at: February 15, 2019 at 11:29PM View on website February 16, 2019 at 02:59AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-5654 Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage Published at: February 15, 2019 at 11:29PM View on website February 16, 2019 at 02:59AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-2565 A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. Published at: February 15, 2019 at 11:29PM View on website February 16, 2019 at 02:59AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-2516 Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. Published at: February 15, 2019 at 11:29PM View on website February 16, 2019 at 02:59AM via National Vulnerability Database Manage this Applet