неделя, 10 май 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (13 items)

New vulnerabilities from the NVD: CVE-2016-11022

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.
Published at: March 23, 2020 at 05:15PM
View on website

March 23, 2020 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19127

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.
Published at: March 25, 2020 at 05:15PM
View on website

March 25, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18626

Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
Published at: March 25, 2020 at 08:15PM
View on website

March 25, 2020 at 10:40PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-15796

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
Published at: March 26, 2020 at 03:15PM
View on website

March 26, 2020 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
Published at: March 26, 2020 at 03:15PM
View on website

March 26, 2020 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-8536

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-8535

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-8534

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7336

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7335

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7334

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7333

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-5684

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
Published at: March 27, 2020 at 05:15PM
View on website

March 27, 2020 at 06:41PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар