MidnightBSD

Advisories for carbonblack

CVE-2014-1615 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
carbonblack carbon_black 4.1.0
carbonblack carbon_black 4.0.3
carbonblack carbon_black *
CVE-2016-9568 HIGH

A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
carbonblack carbon_black 5.1.1.60603
CVE-2016-9569 MEDIUM

The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
carbonblack carbon_black 5.1.1.60603
CVE-2016-9570 MEDIUM

cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-476,

Products Affected

Vendor Product Version
carbonblack carbon_black 5.1.1.60603
CVE-2018-10407 MEDIUM

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
carbonblack carbon_black_cb *