6 Ways DevOps Can Supercharge Security

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-14417
PUBLISHED: 2018-08-04

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the ‘recentVersion’ parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissi…

CVE-2018-14473
PUBLISHED: 2018-08-04

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.

CVE-2018-14497
PUBLISHED: 2018-08-04

Tenda D152 ADSL routers allow XSS via a crafted SSID.

CVE-2018-14541
PUBLISHED: 2018-08-04

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.

CVE-2018-14593
PUBLISHED: 2018-08-04

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
