Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19594PUBLISHED: 2019-12-05reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-19595PUBLISHED: 2019-12-05reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-3690PUBLISHED: 2019-12-05The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
CVE-2013-0243PUBLISHED: 2019-12-05haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
CVE-2018-10021PUBLISHED: 2019-12-05
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate c...
User Rank: Strategist
7/10/2018 | 12:46:40 PM