Cisco Unified Customer Voice Portal Privilege Permission and Access Control Issues Vulnerability

Cisco Unified Customer Voice Portal CVP is a solution that provides automated Internet Protocol IP-based customer self-service and call routing as a stand-alone Interactive Voice Response IVR system or integrated with a contact center. Operations, Administration, Maintenance and Provisioning OAMP...

Backdoor Vulnerability in FameView Configuration Monitoring System of Beijing Jiezhong Company

FameView configuration software is a high-performance configuration and monitoring software independently developed by Beijing Jiezhong Company based on the Windows operating system with many years of experience in engineering applications and services, providing economical and perfect automation...

F5 Networks BIG-IP : F5 iRules vulnerability (K30215839)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.1 / 13.1.3.2 / 14.0.1.1 / 14.1.2.3 / 15.0.1.3 / 15.1.0. It is, therefore, affected by a vulnerability as referenced in the K30215839 advisory. - On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2,...

F5 BIG-IP Elevation of Privilege Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An elevation of privilege vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to elevate privileges, modi...

Information disclosure

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of...

CVE-2019-5271

CVE-2019-5271 affects Huawei Myna smart speaker. The vulnerability is an information leak arising when the device is paired with the cloud over Wi‑Fi, where data is mishandled during processing, allowing an attacker to read and modify specific configurations via a sequence of operations. Root cau...

CVE-2019-8125

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution...

CVE-2008-5916

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a craft...

Cisco IOS XE Software ASIC Register Write Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specif...

CVE-2019-12681

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

Cisco IOS XE ASIC Register Write Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. An ASIC register write vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from improper input validation and authorization of specific commands that a user can execute in the CLI. An...

CVE-2019-12660

CVE-2019-12660 describes a vulnerability in the CLI of Cisco IOS XE Software where an authenticated, local attacker can write to the device’s memory due to improper input validation and command authorization. The attack could enable modification of the device configuration, leading to an insecure...

CVE-2019-12660 Cisco IOS XE Software ASIC Register Write Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...

F5 BIG-IP ASM Information Disclosure Vulnerability

F5 BIG-IP ASM is a Web Application Firewall WAF from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A security vulnerability exists in the F5 BIG-IP ASM. An attacker could exploit the vulnerability ...

F5 BIG-IP and F5 Enterprise Manager Information Disclosure Vulnerability

F5 BIG-IP and F5 Enterprise Manager are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 Enterprise Manager is an application delivery platform that provides a...

CVE-2019-6649

CVE-2019-6649 affects F5 BIG-IP (and Enterprise Manager) configurations using non-default ConfigSync settings. Affected versions include BIG-IP 12.1.x, 11.5.x–11.6.x, 13.0.x–13.1.x, 14.0.x, 14.1.x, 15.0.0 and Enterprise Manager 3.1.1. The issue allows exposure of sensitive information and the abi...

OpenSSL Vulnerabilities Oct 2018 - Jul 2019

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL...

CVE-2019-1912

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...

CVE-2019-1912 Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...

Vulnerability fixed in OpenSSL

The developers of OpenSSL have mitigated a vulnerability. The vulnerability consists of some implementations of OpenSSL, the configuration file and possibly executables of OpenSSL can be modified by a local malicious person logged in as a user logged in. The developers indicate that the number of...