Misconfigured Ladders Database Exposed 13M User Records

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-11766
PUBLISHED: 2019-05-05

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

CVE-2019-11767
PUBLISHED: 2019-05-05

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

CVE-2019-3400
PUBLISHED: 2019-05-03

The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.

CVE-2019-3805
PUBLISHED: 2019-05-03

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any …

CVE-2019-3894
PUBLISHED: 2019-05-03

It was discovered that the ElytronManagedThread in Wildfly’s Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security ident…

Read moreā€¦

Leave a Reply