CVE-2019-15277

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVE-2019-12699

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute commands on the underlying operating system OS with root privileges. These vulnerabilities are due to insufficient input validation. A...

CVE-2019-12672

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system OS with root privileges. The vulnerability is due to insufficient file location validatio...

CVE-2019-12670

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this...

CVE-2019-3763

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated...

CVE-2019-12532

Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.025.28,...

CVE-2019-5631

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system who must already be authenticated to the operating system can elevate their privileges with this vulnerability to the privilege level ...

CVE-2019-1959

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to read arbitrary files on the underlying operating system OS of an affected device. For more information about these vulnerabilities, see the Details section of this adviso...

CVE-2019-1960

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to read arbitrary files on the underlying operating system OS of an affected device. For more information about these vulnerabilities, see the Details section of this adviso...

CVE-2019-1945

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance ASA could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...

CVE-2019-1932

A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...

CVE-2019-1893

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

CVE-2019-3962

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the...

CVE-2019-4154

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519...

PT-2019-16934 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1 Description: The issue is a buffer overflow that could allow an authenticated local attacker to execute arbitrary code on the system as root...

PT-2019-2562 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 versions 9.7 through 11.1 Description: The issue is related to a buffer overflow in the database management system, which could allow an authenticated local attacker to execute arbitrary code on the system with root privileges...

CVE-2019-1630

A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service DoS condition. The vulnerability is due to insufficient checking of an input buffer. A...

CVE-2019-1628

A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could...

CVE-2019-0180

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0164

Improper permissions in the installer for IntelR Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access...