Monthly Archive: February 2019

CVE-2019-7309

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit...

CVE-2016-10741

In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that...

CVE-2018-5498

Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will...

CVE-2018-18988

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Date...

CVE-2018-16493

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. Date published: 2019-02-01 https://hackerone.com/reports/432600

CVE-2018-16492

A prototype pollution vulnerability was found in module extend

CVE-2018-16491

A prototype pollution vulnerability was found in node.extend

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath

CVE-2018-16489

A prototype pollution vulnerability was found in just-extend

CVE-2018-16487

A prototype pollution vulnerability was found in lodash

CVE-2018-16486

A prototype pollution vulnerability was found in defaults-deep

CVE-2018-16485

Path Traversal vulnerability in module m-server