State Farm Reports Credential-Stuffing Attack

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-11776 PUBLISHED: 2019-08-09

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS via a URL parameter. An attacker can execute the payload in the victim's browser context.

CVE-2019-12259 PUBLISHED: 2019-08-09

Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

CVE-2019-12263 PUBLISHED: 2019-08-09

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

CVE-2019-12265 PUBLISHED: 2019-08-09

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

CVE-2019-14433 PUBLISHED: 2019-08-09

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive ...



