CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38379
https://notcve.org/view.php?id=CVE-2021-38379
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. El Hub en CFEngine Enterprise versiones 3.6.7 hasta 3.18.0, presenta permisos no seguros que permiten una divulgación local de información • https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756 https://docs.cfengine.com/docs/3.18/enterprise-cfengine-guide.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19394
https://notcve.org/view.php?id=CVE-2019-19394
Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. Se encontró un problema en Arista EOS. Los paquetes ARP malformados específicos pueden impactar el software mediante el reenvío de paquetes VxLAN. Este problema se encuentra en el código EOS VxLAN de Arista, que puede permitir a los atacantes bloquear el agente VxlanSwFwd. • https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9929
https://notcve.org/view.php?id=CVE-2019-9929
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. Northern.tech CFEngine Enterprise 3.12.1 tiene permisos no seguros • https://cfengine.com/company/blog-detail/cve-2019-9929-internal-authentication-secrets-leaked-in-logs https://cfengine.com/product/latest-release • CWE-532: Insertion of Sensitive Information into Log File •