Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-5715
PUBLISHED: 2019-04-11

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.

CVE-2019-7219
PUBLISHED: 2019-04-11

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead.

CVE-2019-9733
PUBLISHED: 2019-04-11

An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwa…

CVE-2019-9974
PUBLISHED: 2019-04-11

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.

CVE-2019-9975
PUBLISHED: 2019-04-11

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: