SEC Consult Vulnerability Lab Security Advisory < 20190124-0 >
===
title: Cross-site scripting
product: CA Automic Workload Automation Web Interface (AWI)
(formerly Automic Auto
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
iTunes 12.9.3 for Windows is now available and addresses the
following:
AppleKeyStore
Available for: Windows 7 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Advisory: Cisco RV320 Unauthenticated Configuration Export
RedTeam Pentesting discovered that the configuration of a Cisco RV320
router may be exported without authentication through the device's web
interface.
Details
===
Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Advisory: Cisco RV320 Command Injection
RedTeam Pentesting discovered a command injection vulnerability in the
web-based certificate generator feature of the Cisco RV320 router.
Details
===
Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15 and
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval
RedTeam Pentesting discovered that the Cisco RV320 router exposes
sensitive diagnostic data without authentication through the device's
web interface.
Details
===
Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly