
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Dec 2020 — Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and memory leaks. • http://www.openwall.com/lists/oss-security/2020/12/03/2 • CWE-862: Missing Authorization

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Nov 2020 — XSS vulnerabilities were discovered and reported in the Netflix Dispatch application, affecting the name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. They can be exploited by an authenticated user. • https://github.com/Netflix/dispatch/releases/tag/v20201106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Nov 2020 — Access control issues in Netflix Dispatch allow a regular user to view a restricted incident, escalate their role to admin, add themselves as a participant in a restricted incident, and view restricted incidents via the search feature. Each requires an authenticated user, so the risk is lowered for installs that follow the secure deployment guidelines. • https://github.com/Netflix/dispatch/releases/tag/v20201106

CVSS: 9.8 | EPSS: 0% | CPEs: 17 | EXPL: 0

14 Jul 2020 — Netflix Titus, all versions prior to v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, several types of interpolation are supported, including Java EL expressions. An attacker who can inject arbitrary data into the error message template passed as the argument to ConstraintValidatorContext.buildConstraintViolationWithTemplate() can run arbitrary Java code. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Jun 2020 — Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, several types of interpolation are supported, including Java EL expressions. An attacker who can inject arbitrary data into the error message template passed as the argument to ConstraintValidatorContext.buildConstraintViolationWithTemplate() can run arbitrary Java code. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
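
The two Titus entries above describe one mistake: attacker-controlled text is concatenated into a message template, and the interpolator then evaluates whatever expressions that text contains. The Hibernate Validator API involved is Java-only, so the following is an added example, not Titus or Hibernate Validator code, that reproduces the same pattern in Python with str.format() standing in for the EL interpolator. The vulnerable function builds the template from the user's value; the safe one keeps a fixed template and passes the value as a named parameter (the counterpart of a fixed template plus HibernateConstraintValidatorContext.addMessageParameter() on the Java side); a third variant escapes the interpolator's metacharacters for cases where the value must be inlined. The SECRET_KEY constant, the Config class and the payload are constructed for the demonstration.

```python
# Added example (not from Titus or Hibernate Validator): the same template-injection
# pattern reproduced in Python, with str.format() standing in for the Java EL interpolator.

# Constructed module-level value that an injected template expression can reach.
SECRET_KEY = "constructed-secret-value"


class Config:
    """Constructed stand-in for an object handed to the interpolator as context."""

    def __init__(self):
        self.name = "validator-config"


def build_message_vulnerable(user_value: str, ctx: Config) -> str:
    """Vulnerable: the user's value becomes part of the template, so any
    '{...}' expression inside it is evaluated by the interpolator (the analogue
    of passing attacker text to buildConstraintViolationWithTemplate())."""
    template = "Invalid value: " + user_value
    return template.format(ctx=ctx)


def build_message_safe(user_value: str, ctx: Config) -> str:
    """Safe: the template is a fixed literal and the user's value is supplied as a
    parameter, so its braces are copied verbatim and never interpolated."""
    template = "Invalid value: {value}"
    return template.format(value=user_value, ctx=ctx)


def escape_template_chars(user_value: str) -> str:
    """Alternative when the value must be inlined: neutralise the interpolator's
    metacharacters. For Python format strings that means doubling braces; the
    Java EL analogue is escaping '$', '#' and braces before they reach the template."""
    return user_value.replace("{", "{{").replace("}", "}}")


def build_message_escaped(user_value: str, ctx: Config) -> str:
    template = "Invalid value: " + escape_template_chars(user_value)
    return template.format(ctx=ctx)


# Constructed payload: a template expression that walks from the context object to
# the module globals and reads SECRET_KEY. It stays harmless text in the safe variants.
PAYLOAD = "x{ctx.__class__.__init__.__globals__[SECRET_KEY]}"


def demo() -> dict:
    """Run all three builders on the payload and return their messages."""
    ctx = Config()
    return {
        "vulnerable": build_message_vulnerable(PAYLOAD, ctx),
        "safe": build_message_safe(PAYLOAD, ctx),
        "escaped": build_message_escaped(PAYLOAD, ctx),
    }


if __name__ == "__main__":
    for name, msg in demo().items():
        print(f"{name:>10}: {msg}")
```

The vulnerable builder returns the secret inside the error message; both hardened builders return the payload as literal text. The structural lesson carries over to the Java case: the template string must be a constant the developer wrote, and anything an attacker can influence enters only as a parameter.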

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jun 2019 — Denial of service (DoS) in the DIAL reference source code used before June 18th, 2019. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Aug 2017 — Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting with AES in CBC mode. • http://www.openwall.com/lists/oss-security/2015/10/20/3 • CWE-331: Insufficient Entropy
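
Why the IV matters, shown as an added example rather than Lemur's code: CBC with a constant or predictable IV is deterministic, so two records that begin with the same bytes produce the same first ciphertext block and an observer learns that they match (and a chosen-plaintext attacker can test guesses block by block); a fresh IV from the OS CSPRNG for every message removes that. Real deployments use AES from a vetted library; to stay dependency-free this block drives CBC with a constructed toy Feistel block cipher (hash-based round function, 16-byte blocks) that is not a real cipher and exists only so the mode's behaviour can be run offline. The key and the two sample records are constructed.

```python
# Added example (not Lemur's code): CBC with a constant IV versus a random IV.
# The block cipher below is a constructed toy Feistel network, NOT AES; it only
# exists so the CBC mode itself can be exercised without external libraries.
import hashlib
import os

BLOCK = 16  # bytes per block, same size as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, i: int) -> bytes:
    # Hash-based keyed round function; adequate for a toy, not for real use.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """8-round Feistel permutation over one 16-byte block (toy, not AES)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(8):
        left, right = right, _xor(left, _round_fn(key, right, i))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round_fn(key, left, i)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC encryption; the IV is prepended to the ciphertext (it is public, not secret)."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    padded = pkcs7_pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    iv, body = data[:BLOCK], data[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        block = body[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, block), prev))
        prev = block
    return pkcs7_unpad(b"".join(out))


# Weak: the same IV for every message (stand-in for a constant or low-entropy IV).
FIXED_IV = b"\x00" * BLOCK


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    return cbc_encrypt(key, FIXED_IV, plaintext)


def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    # Fixed: a fresh, unpredictable IV from the OS CSPRNG for every message.
    return cbc_encrypt(key, os.urandom(BLOCK), plaintext)


def first_block_matches(key: bytes, a: bytes, b: bytes, encrypt) -> bool:
    """True if the first ciphertext blocks agree, i.e. the scheme reveals that
    a and b share their first 16 plaintext bytes."""
    ca, cb = encrypt(key, a), encrypt(key, b)
    return ca[BLOCK:2 * BLOCK] == cb[BLOCK:2 * BLOCK]


# Constructed key and records: identical 16-byte prefix "user=alice;role=", different tails.
KEY = b"constructed-key!"
RECORD_A = b"user=alice;role=admin;token=1"
RECORD_B = b"user=alice;role=admin;token=2"

if __name__ == "__main__":
    print("fixed IV leaks shared prefix: ", first_block_matches(KEY, RECORD_A, RECORD_B, encrypt_fixed_iv))
    print("random IV leaks shared prefix:", first_block_matches(KEY, RECORD_A, RECORD_B, encrypt_random_iv))
```

With the fixed IV, encrypting the same record twice yields byte-identical ciphertext and the two records share their first ciphertext block; with a random IV, neither holds, while decryption still recovers the plaintext because the IV travels in the clear ahead of the ciphertext. The same property holds for real AES-CBC, which is why the IV must come from a CSPRNG and never be reused under the same key.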

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Mar 2017 — Netflix Security Monkey before 0.8.0 has an open redirect. The logout functionality accepts a "next" parameter and redirects to whatever domain it names, irrespective of the Host header. • http://www.securityfocus.com/bid/97088 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
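
A check for the kind of "next" parameter described above, as an added example and not Security Monkey's actual fix: a redirect target is accepted only if it is a plain absolute path or an http(s) URL whose authority equals the application's own host; scheme-relative `//host` forms, backslash variants that browsers normalise to slashes, non-http schemes, userinfo tricks and control characters are all rejected. The host name and the table of sample targets are constructed.

```python
# Added example (not Security Monkey code): validating a post-logout "next" target
# so that it can only send the browser back to the application itself.
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")


def is_safe_redirect(target: str, request_host: str) -> bool:
    """Return True only for targets that stay on request_host.

    request_host is the value the application trusts as its own host (including
    any port), not a raw Host header that the attacker may influence.
    """
    if not target:
        return False
    # Whitespace and control characters are stripped or reinterpreted by browsers
    # and URL parsers; a legitimate target never needs them unencoded.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat backslashes as slashes, so "/\evil.example" becomes "//evil.example".
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)

    if parts.scheme == "" and parts.netloc == "":
        # Relative target: accept only a single-slash absolute path ("/dashboard"),
        # never "//host" (scheme-relative), "///host" or "relative/path".
        return normalized.startswith("/") and not normalized.startswith("//")

    # Absolute target: scheme must be http(s) and the authority must be exactly ours.
    # Comparing the whole netloc also defeats "https://ours@evil.example".
    return parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc.lower() == request_host.lower()


def redirect_target(next_param: str, request_host: str, default: str = "/") -> str:
    """Pick the location for the post-logout redirect, falling back to default."""
    return next_param if is_safe_redirect(next_param, request_host) else default


# Constructed host and sample targets, with the expected verdict for each.
HOST = "securitymonkey.example.com"
SAMPLES = {
    "/": True,
    "/dashboard?tab=issues": True,
    "https://securitymonkey.example.com/dashboard": True,
    "http://SecurityMonkey.Example.com/": True,
    "//evil.example/": False,                                    # scheme-relative
    "/\\evil.example/": False,                                   # backslash becomes slash
    "///evil.example/": False,                                   # triple slash
    "https://evil.example/": False,                              # foreign host
    "https://securitymonkey.example.com@evil.example/": False,   # userinfo trick
    "https://securitymonkey.example.com.evil.example/": False,   # look-alike suffix host
    "javascript:alert(1)": False,                                # non-http scheme
    "/dashboard\r\nSet-Cookie: x=1": False,                      # control characters
    "dashboard": False,                                          # not an absolute path
    "": False,
}


def check_samples() -> dict:
    """Return {target: verdict} for every sample so the table can be asserted on."""
    return {t: is_safe_redirect(t, HOST) for t in SAMPLES}


if __name__ == "__main__":
    for target, verdict in check_samples().items():
        print(f"{verdict!s:5} {target!r}")
```

Comparing against a configured host rather than the incoming Host header is deliberate: the entry above notes that the redirect ignored the Host header, but trusting that header instead would only move the problem to host-header injection. The safest form of the check is an allow-list of same-origin paths, with an absolute URL accepted only when it exactly matches the site's own authority.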