CVE-2019-19108

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP...

CVE-2019-19108

CVE-2019-19108 describes an authentication weakness in the SNMP service affecting B&R Automation Runtime (and Automation Studio) versions 2.96, 3.00, 3.01, 3.06–3.10, 4.00–4.63, 4.72 and above. The vulnerability allows unauthenticated users to modify device configuration via SNMP, with CVSS v3 ba...

CVE-2020-3261

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based managemen...

CVE-2020-3261

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based managemen...

CVE-2020-1630

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

Privilege escalation

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

ICSA-20-051-01_B&R Automation Studio and Automation Runtime

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: Automation Studio and Automation Runtime Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a...

PT-2020-10167 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: ManageEngine Applications Manager version 14 with Build 14360 Description: An issue was discovered in the integrated PostgreSQL component of ManageEngine Applications Manager, where a lack of file permission security allows malicious users in...

Cisco Unified Customer Voice Portal Privilege Permission and Access Control Issues Vulnerability

Cisco Unified Customer Voice Portal CVP is a solution that provides automated Internet Protocol IP-based customer self-service and call routing as a stand-alone Interactive Voice Response IVR system or integrated with a contact center. Operations, Administration, Maintenance and Provisioning OAMP...

Backdoor Vulnerability in FameView Configuration Monitoring System of Beijing Jiezhong Company

FameView configuration software is a high-performance configuration and monitoring software independently developed by Beijing Jiezhong Company based on the Windows operating system with many years of experience in engineering applications and services, providing economical and perfect automation...

F5 Networks BIG-IP : F5 iRules vulnerability (K30215839)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.1 / 13.1.3.2 / 14.0.1.1 / 14.1.2.3 / 15.0.1.3 / 15.1.0. It is, therefore, affected by a vulnerability as referenced in the K30215839 advisory. - On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2,...

F5 BIG-IP Elevation of Privilege Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An elevation of privilege vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to elevate privileges, modi...

Information disclosure

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of...

CVE-2019-5271

CVE-2019-5271 affects Huawei Myna smart speaker. The vulnerability is an information leak arising when the device is paired with the cloud over Wi‑Fi, where data is mishandled during processing, allowing an attacker to read and modify specific configurations via a sequence of operations. Root cau...

CVE-2019-8125

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution...

CVE-2008-5916

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a craft...

Cisco IOS XE Software ASIC Register Write Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specif...

CVE-2019-12681

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

Cisco IOS XE ASIC Register Write Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. An ASIC register write vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from improper input validation and authorization of specific commands that a user can execute in the CLI. An...

CVE-2019-12660 Cisco IOS XE Software ASIC Register Write Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...