CVE-2019-19394
https://notcve.org/view.php?id=CVE-2019-19394
Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is in Arista's EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. • https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9929
https://notcve.org/view.php?id=CVE-2019-9929
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. • https://cfengine.com/company/blog-detail/cve-2019-9929-internal-authentication-secrets-leaked-in-logs https://cfengine.com/product/latest-release • CWE-532: Insertion of Sensitive Information into Log File
CVE-2006-2248
https://notcve.org/view.php?id=CVE-2006-2248
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension. • http://secunia.com/advisories/19325 http://secunia.com/secunia_research/2006-20/advisory http://www.osvdb.org/25283 http://www.securityfocus.com/bid/17858 http://www.vupen.com/english/advisories/2006/1682 https://exchange.xforce.ibmcloud.com/vulnerabilities/26294
CVE-2002-1248 – Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2002-1248
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. • https://www.exploit-db.com/exploits/21982 http://marc.info/?l=bugtraq&m=103642597302308&w=2 http://www.idefense.com/advisory/11.04.02b.txt http://www.iss.net/security_center/static/10534.php http://www.securityfocus.com/bid/6098