Known Vulnerabilities for products from Netflix
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Netflix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40171 | Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signin... | 7.5 - HIGH | 2023-08-17 | 2023-08-24 |
| CVE-2023-30797 | Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficientl... | 7.5 - HIGH | 2023-04-19 | 2023-05-01 |
| CVE-2022-27177 | A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all ver... | 9.8 - CRITICAL | 2022-04-01 | 2022-04-11 |
| CVE-2021-28100 | Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the loca... | 5.5 - MEDIUM | 2021-03-23 | 2021-03-26 |
| CVE-2021-28099 | In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create thes... | 4.4 - MEDIUM | 2021-03-23 | 2023-08-08 |
| CVE-2020-9300 | The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users... | 6.5 - MEDIUM | 2020-11-09 | 2020-11-18 |
| CVE-2020-9299 | There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters... | 5.4 - MEDIUM | 2020-11-09 | 2020-11-17 |
| CVE-2020-9297 | Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators.... | 9.8 - CRITICAL | 2020-07-14 | 2021-07-21 |
| CVE-2020-9296 | Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation err... | 9.8 - CRITICAL | 2020-06-16 | 2022-10-29 |
| CVE-2020-2323 | Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with O... | 5.3 - MEDIUM | 2020-12-03 | 2023-10-25 |
| CVE-2020-2322 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers ... | 7.5 - HIGH | 2020-12-03 | 2023-10-25 |
| CVE-2019-10028 | Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. | 7.5 - HIGH | 2019-06-21 | 2021-07-21 |
| CVE-2017-7266 | Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then ... | Not Provided | 2017-03-26 | 2025-04-20 |
| CVE-2015-7764 | Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | 7.5 - HIGH | 2017-08-09 | 2019-12-11 |
Known software with vulnerabilities from Netflix
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Netflix | Chaos Monkey | 0.4 |
| Application | Netflix | Conductor | 0.0.1 |
| Application | Netflix | Dial Reference | 6-18-2019 |
| Application | Netflix | Dispatch | - |
| Application | Netflix | Lemur | 0.1.4 |
| Application | Netflix | Security Monkey | 0.3.4 |
| Application | Netflix | Titus | - |