Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-15657
PUBLISHED: 2019-08-26

In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.

CVE-2019-15658
PUBLISHED: 2019-08-26

connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.

CVE-2019-15651
PUBLISHED: 2019-08-26

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.

CVE-2019-15055
PUBLISHED: 2019-08-26

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator with…

CVE-2019-15497
PUBLISHED: 2019-08-26

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.
