Cisco SPA100 Denial of Service Vulnerability
The Cisco SPA100 Series is an analog phone adapter from Cisco that allows your standard analog phone to access Internet telephony services through an RJ-11 phone port. A denial of service vulnerability exists in the web-based management interface of Cisco SPA100 Series 1.4.1 SR3 and earlier. The...
CVE-2019-5473
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4...
CVE-2019-5473
Removed by vendor...
CVE-2019-5473
GitLab CVE-2019-5473: an authentication issue allows bypassing email verification. Affected deployments prior to GitLab 12.0.4/12.1.2; remediation is to upgrade to GitLab 12.0.4 or 12.1.2 (or later). Multiple advisories and reports (Red Hat, Ubuntu, Debian, OSV, CVE lists, and a HackerOne writeup...
PT-2019-17695 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.0.4; GitLab versions prior to 12.1.2. Description: An authentication issue was discovered that allowed a bypass of email verification. Recommendations: For versions prior to 12.0.4, update to version 12.0.4 or later...
cPanel Input Validation Error Vulnerability (CNVD-2019-29015)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions prior to cPanel 55.9999.141. The vulnerability stems from a lack of...
CVE-2019-13416
CVE-2019-13416 affects floragunn Search Guard (Search Guard) prior to version 24.3. When Cross Cluster Search (CCS) is enabled, authenticated users can be authorized on the local cluster regardless of their roles on remote clusters, effectively bypassing remote-role checks. Affected component: Se...
CVE-2016-10836
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108)...
thunderbird security update
60.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.8.0-1 - Updated to 60.8.0 60.7.2-3 - Rebuild to fix rhbz1725919 - Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2...
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
PT-2019-10041 · Ibm · Ibm Maximo Asset Management
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6. Description: The issue allows an authenticated user to replace a target page with a phishing site, potentially enabling the attacker to obtain highly sensitive information. Recommendations: For IBM Maxi...
CVE-2018-19879
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R31.04.89 before R00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login...
PT-2019-19433 · Nagios · Nagios Im
Name of the Vulnerable Software and Affected Versions: Nagios IM versions prior to 2.2.7. Description: The issue allows authenticated users to execute arbitrary code due to API key problems. Recommendations: For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue...
Authorization
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An...
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists (Ref. PAN-106776; CVE-2019-1565). Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject...
CVE-2018-19557
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images...
CVE-2018-19557
The CVE-2018-19557 issue affects arcms (a CMS based on layui/arphp). Affected versions up to 2018-03-19 allow access to index/main, user/useradd, and img/images without authentication due to a lack of authentication checks, enabling unauthorized access. Public sources (NVD/NVD-derived entries and...