lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jul 2019 15:13:14 +0000 From: David Dillard <David.Dillard@...itas.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] VTS19-002: Multiple Vulnerabilities in Veritas Resiliency Platform (VRP) Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of critical severity. Directory traversal vulnerability related to uploading application bundles CVE-2019-14415 Critical severity Arbitrary command execution vulnerability with root privilege related to DNS server configuration CVE-2019-14416 High severity Arbitrary command execution vulnerability with root privilege related to resiliency plans and custom scripts CVE-2019-14417 High severity A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. CVE-2019-14418 Medium severity https://www.veritas.com/content/support/en_US/security/VTS19-002.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists