Vulnerabilities > Netflix > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-28099 Use of Insufficiently Random Values vulnerability in Netflix Hollow
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions.
local
low complexity
netflix CWE-330
4.4
2020-12-03 CVE-2020-2323 Missing Authorization vulnerability in Netflix Chaos Monkey 0.3/0.4
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
network
low complexity
netflix CWE-862
5.3
2020-11-09 CVE-2020-9300 Unspecified vulnerability in Netflix Dispatch
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature.
network
low complexity
netflix
4.0
2019-06-21 CVE-2019-10028 Improper Input Validation vulnerability in Netflix Dial Reference
Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019.
network
low complexity
netflix CWE-20
5.0
2017-08-09 CVE-2015-7764 Insufficient Entropy vulnerability in Netflix Lemur 0.1.4
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
network
low complexity
netflix CWE-331
5.0
2017-03-26 CVE-2017-7266 Open Redirect vulnerability in Netflix Security Monkey
Netflix Security Monkey before 0.8.0 has an Open Redirect.
network
netflix CWE-601
5.8