Security Vulnerabilities - CVEs Published In July 2019
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-07-02
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
CVSS Score
8.1
EPSS Score
0.071
Published
2019-07-02
An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system.
CVSS Score
6.6
EPSS Score
0.001
Published
2019-07-02
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-07-02
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-02
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.
CVSS Score
7.5
EPSS Score
0.039
Published
2019-07-02
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield.
CVSS Score
8.8
EPSS Score
0.018
Published
2019-07-02
Linear eMerge E3-Series devices allow File Inclusion.
CVSS Score
7.5
EPSS Score
0.906
Published
2019-07-02
Linear eMerge E3-Series devices allow XSS.
CVSS Score
6.1
EPSS Score
0.58
Published
2019-07-02
CVE-2019-7256
Linear eMerge E3-Series devices allow Command Injections.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2019-07-02