Lucene search
K

221 matches found

OSV
OSV
added 2019/03/26 12:29 a.m.3 views

CVE-2019-10060

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...

8.1CVSS7.8AI score0.01682EPSS
Exploits0References1
Prion
Prion
added 2019/03/26 12:29 a.m.14 views

Buffer overflow

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...

6.8CVSS8.4AI score0.01682EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/25 11:54 p.m.21 views

CVE-2019-10060

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...

8.4AI score0.01682EPSS
Exploits0References1
CVE
CVE
added 2019/03/25 11:54 p.m.44 views

CVE-2019-10060

The CVE-2019-10060 issue affects Verix Multi-app Conductor for Verifone Verix (version 2.7). The vulnerability is a buffer overflow in a configuration key value that enables arbitrary code execution and requires the attacker to download files to the device. Several connected sources (Red Hat, CNV...

8.1CVSS8.3AI score0.01682EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/22 1:30 p.m.45 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 8 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the...

9CVSS0.7AI score0.07215EPSS
Exploits2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/21 12:0 a.m.3 views

The vulnerability in the web interface of software for Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server allows a perpetrator to compromise the integrity of protected information.

The vulnerability of the software web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server lies in insufficiently checking incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...

5CVSS5.7AI score0.02125EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/02/07 9:0 p.m.22 views

CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

5CVSS5.3AI score0.02125EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2019/02/07 9:0 p.m.8 views

CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

5CVSS7AI score0.02125EPSS
Exploits0References2
CVE
CVE
added 2019/02/07 9:0 p.m.75 views

CVE-2019-1679

Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) REST API are affected by CVE-2019-1679 due to insufficient access controls, enabling an authenticated, remote attacker to trigger an HTTP request from the vulnerable server to an arbitra...

5CVSS5.2AI score0.02125EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/02/06 12:0 a.m.4 views

PT-2019-1382 · Cisco · Cisco Telepresence Video Communication Server +2

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Conductor versions prior to XC4.3.4 Cisco Expressway Series versions prior to XC4.3.4 Cisco TelePresence Video Communication Server versions prior to XC4.3.4 Description: The issue is related to insufficient access controls...

5CVSS5.1AI score0.02125EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.25 views

Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)

Summary A security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this...

9.8CVSS0.2AI score0.34731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.47 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Conductor with Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Spectrum Conductor with Spark. These issues were disclosed as part of the IBM Java updates in January 2018. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified vulnerability in Oracle Ja...

8.3CVSS0.6AI score0.06905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.45 views

Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611)

Summary Several security vulnerabilities CVE-2017-9787 S2-049 CVE-2017-9804 S2-050 CVE-2017-12611 S2-053 have been reported against Apache Struts 2, which IBM Spectrum Conductor with Spark uses as a framework for its WEBGUI service. Struts 2.3.34 addresses these vulnerabilities and can be applied...

9.8CVSS0.4AI score0.8802EPSS
Exploits28Affected Software1
Cisco
Cisco
added 2017/10/18 4:0 p.m.43 views

Cisco Expressway Series, Cisco TelePresence Video Communication Server, and Cisco TelePresence Conductor REST API Denial of Service Vulnerability

A vulnerability in the cluster database CDB management component of Cisco Expressway Series Software, Cisco TelePresence Video Communication Server VCS Software, and Cisco TelePresence Conductor Software could allow an authenticated, remote attacker to cause the CDB process on an affected system ...

4.3CVSS4.7AI score0.01649EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/06/30 12:0 a.m.8 views

The vulnerability of the microprogramming software of the Cisco TelePresence Conductor conference call control device allows a intruder to gain access to the device.

The vulnerability of the control interface for microprogramming-based conference communication devices like Cisco TelePresence Conductor is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device using a...

10CVSS5.5AI score0.04341EPSS
Exploits0References5
Prion
Prion
added 2015/05/30 2:59 p.m.12 views

Design/Logic Flaw

Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408...

4.3CVSS7.2AI score0.01818EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2015/05/30 2:0 p.m.15 views

CVE-2015-0747

Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408...

6.7AI score0.01818EPSS
Exploits0References2
CVE
CVE
added 2015/05/30 2:0 p.m.43 views

CVE-2015-0747

CVE-2015-0747 affects Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release. A remote attacker can inject arbitrary cookies by sending a crafted HTTP request due to improper input validation of an HTTP header, potentially taking control of an HTTP session. Cisco’s advisory confirms ...

4.3CVSS6.9AI score0.01818EPSS
Exploits0References2Affected Software3
Cisco
Cisco
added 2015/05/29 8:9 p.m.23 views

Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability

A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request. The vulnerability is due to improper input validation of an HTTP request header. An attacker could exploit...

4.3CVSS6.5AI score0.01818EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/03/20 12:0 a.m.39 views

Cisco TelePresence Conductor Login Security Bypass Vulnerability

According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains an vulnerability due to inadequate validation of parameters passed during the login process. A remote attacker, using a crafted request and knowledge of a valid user name, can bypass...

10CVSS5.6AI score0.04341EPSS
Exploits0References3
Rows per page
Query Builder