CVE-2018-16494
- EPSS 0.83%
- Veröffentlicht 26.05.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 03:52:51
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure...
CVE-2018-16495
- EPSS 0.3%
- Veröffentlicht 26.05.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 03:52:52
In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces...
CVE-2018-16499
- EPSS 0.07%
- Veröffentlicht 26.05.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 03:52:52
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data P...
CVE-2019-25030
- EPSS 0.05%
- Veröffentlicht 26.05.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 04:39:46
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1)...