CVE-2019-12942
TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable.
Source: CVE-2019-12942
CVE-2019-12943
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.
Source: CVE-2019-12943
CVE-2019-11669
Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
Source: CVE-2019-11669
CVE-2019-11668
HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Service, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.
Source: CVE-2019-11668
CVE-2019-10256
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
Source: CVE-2019-10256
CVE-2019-12996
In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.
Source: CVE-2019-12996
CVE-2019-11497
An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.)
Source: CVE-2019-11497
CVE-2019-11496
An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials.
Source: CVE-2019-11496
CVE-2019-11495
Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system.
Source: CVE-2019-11495
CVE-2019-14457
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
Source: CVE-2019-14457