Vulnerabilities > Netflix > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-28099 | Use of Insufficiently Random Values vulnerability in Netflix Hollow In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. | 4.4 |
| 2020-12-03 | CVE-2020-2323 | Missing Authorization vulnerability in Netflix Chaos Monkey 0.3/0.4 Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 5.3 |
| 2020-11-09 | CVE-2020-9300 | Unspecified vulnerability in Netflix Dispatch The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. | 4.0 |
| 2019-06-21 | CVE-2019-10028 | Improper Input Validation vulnerability in Netflix Dial Reference Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. | 5.0 |
| 2017-08-09 | CVE-2015-7764 | Insufficient Entropy vulnerability in Netflix Lemur 0.1.4 Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | 5.0 |
| 2017-03-26 | CVE-2017-7266 | Open Redirect vulnerability in Netflix Security Monkey Netflix Security Monkey before 0.8.0 has an Open Redirect. | 5.8 |