CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user....
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises an SSH...
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/search?searchQuery=%2A&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). Date published : 2019-07-16 http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987
In HT2 Labs Learning Locker 3.15.1, it’s possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. Date published : 2019-07-16 https://github.com/miruser/Roche-CVEs/blob/master/CVE-2019-12834.md
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS...
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to...
Linaro/OP-TEE OP-TEE prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version...