784 matches found

CVE
added 2019/09/25 8:16 p.m. · 76 views

CVE-2019-12660

CVE-2019-12660 describes a vulnerability in the CLI of Cisco IOS XE Software where an authenticated, local attacker can write to the device’s memory due to improper input validation and command authorization. The attack could enable modification of the device configuration, leading to an insecure...

CVSS 5.5 · AI score 5.5 · EPSS 0.00302
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2019/09/25 12:0 a.m. · 5 views

F5 BIG-IP ASM Information Disclosure Vulnerability

F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A security vulnerability exists in the F5 BIG-IP ASM. An attacker could exploit the vulnerability ...

CVSS 9.1 · AI score 6.4 · EPSS 0.01308
Exploits: 0 · References: 1
CNVD
added 2019/09/24 12:0 a.m. · 1 views

F5 BIG-IP and F5 Enterprise Manager Information Disclosure Vulnerability

F5 BIG-IP and F5 Enterprise Manager are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 Enterprise Manager is an application delivery platform that provides a...

CVSS 9.1 · AI score 6.3 · EPSS 0.01295
Exploits: 0 · References: 1
CVE
added 2019/09/20 7:52 p.m. · 342 views

CVE-2019-6649

CVE-2019-6649 affects F5 BIG-IP (and Enterprise Manager) configurations using non-default ConfigSync settings. Affected versions include BIG-IP 12.1.x, 11.5.x–11.6.x, 13.0.x–13.1.x, 14.0.x, 14.1.x, 15.0.0 and Enterprise Manager 3.1.1. The issue allows exposure of sensitive information and the abi...

CVSS 9.1 · AI score 9 · EPSS 0.01295
Exploits: 0 · References: 1 · Affected Software: 1
Symantec
added 2019/09/05 8:0 a.m. · 56 views

OpenSSL Vulnerabilities Oct 2018 - Jul 2019

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL...

CVSS 5.8 · AI score 0.7 · EPSS 0.17139
Exploits: 4 · Affected Software: 14
NVD
added 2019/08/07 6:15 a.m. · 23 views

CVE-2019-1912

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...

CVSS 9.1 · AI score 9.2 · EPSS 0.17037
Exploits: 2 · References: 2
Vulnrichment
added 2019/08/07 5:45 a.m. · 8 views

CVE-2019-1912 Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...

CVSS 9.1 · AI score 7.3 · EPSS 0.17037
Exploits: 2 · References: 2
NCSC
added 2019/08/01 12:0 a.m. · 3 views

Vulnerability fixed in OpenSSL

The developers of OpenSSL have mitigated a vulnerability. In some implementations of OpenSSL, the configuration file and possibly the OpenSSL executables can be modified by a local malicious user who is logged in. The developers indicate that the number of...

CVSS 3.3 · AI score 6.4 · EPSS 0.00678
Exploits: 0
CNVD
added 2019/06/21 12:0 a.m. · 2 views

Cisco SD-WAN Solution Privilege Permission and Access Control Issues Vulnerability

Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privilege-granting and access-control issue vulnerability exists in Cisco SD-WAN Solution versions prior to 18.4.0, which stems from the program failing to properly authorize user actions. A remote attacker can exploit th...

CVSS 8.8 · AI score 7.1 · EPSS 0.0189
Exploits: 0 · References: 1
NVD
added 2019/05/29 8:29 p.m. · 22 views

CVE-2019-11892

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...

CVSS 8 · AI score 7.6 · EPSS 0.01029
Exploits: 0 · References: 1
CVE
added 2019/04/09 3:40 p.m. · 81 views

CVE-2017-17544

CVE-2017-17544 describes a privilege-escalation in Fortinet FortiOS where authenticated admin users can elevate themselves to super_admin by restoring a modified configuration. Affected FortiOS versions include 6.0.0–6.0.6, 5.6.0–5.6.10, and 5.4 and earlier. Connected sources corroborate that the...

CVSS 9 · AI score 7.1 · EPSS 0.01728
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/04/08 12:0 a.m. · 3 views

PT-2019-16966 · IBM · IBM QRadar SIEM

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.3.2 Description: The issue allows a user to bypass authentication, exposing certain functionality. This could lead to information disclosure or modification of application configuration. Recommendations: For IBM QRad...

CVSS 9.4 · AI score 8.7 · EPSS 0.0229
Exploits: 0 · References: 5
CNVD
added 2019/03/19 12:0 a.m. · 2 views

Cobham Satcom Sailor 800 and 900 Access Control Error Vulnerabilities

The Cobham Satcom Sailor 800 and Cobham Satcom Sailor 900 are both shipboard maritime satellite broadband terminals from Cobham UK. An access control error vulnerability exists in the Cobham Satcom Sailor 800 and 900. A remote attacker could exploit this vulnerability to write to the system's...

CVSS 7.8 · AI score 6.9 · EPSS 0.01519
Exploits: 0 · References: 1
BDU FSTEC
added 2018/12/13 12:0 a.m. · 3 views

The vulnerability of Cisco Meraki network device’s microprogramming software, related to deficiencies in access control, allows attackers to modify configuration files.

The vulnerability of Cisco Meraki network devices’ microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify configuration files remotely...

CVSS 9 · AI score 6.5 · EPSS 0.01563
Exploits: 0 · References: 3 · Affected Software: 5
CNVD
added 2018/11/29 12:0 a.m. · 3 views

Multiple RICOH Interactive Whiteboard Products Restricted Lifting Vulnerability

RICOH Interactive Whiteboard D2200 and others are multifunction printer devices from Ricoh, Japan. A security vulnerability exists in multiple RICOH Interactive Whiteboard products. The vulnerability can be exploited by an attacker to log in to the administrator settings page and modify the...

CVSS 8.8 · AI score 8.8 · EPSS 0.00602
Exploits: 0 · References: 1
Prion
added 2018/10/19 10:29 p.m. · 11 views

Authentication flaw

The SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the...

CVSS 7.5 · AI score 9.2 · EPSS 0.01471
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2018/10/16 12:0 a.m. · 2 views

Martem TELEM GW6/GWM Privilege Vulnerability

Martem TELEM GW6/GWM are both data processor products of Martem Estonia. A security vulnerability exists in previous versions of Martem TELEM GW6/GWM 2.0.87-4018403-k4. An attacker can exploit the vulnerability by connecting to the RTU using default credentials to modify/upload new system...

CVSS 9 · AI score 8.8 · EPSS 0.01484
Exploits: 0 · References: 1
Cvelist
added 2018/10/10 5:0 p.m. · 23 views

CVE-2018-13800

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 All versions V4.2.3. The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a...

AI score 6.9 · EPSS 0.00626
Exploits: 0 · References: 2
OSV
added 2018/10/05 2:29 p.m. · 5 views

CVE-2018-0453

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

CVSS 8.2 · AI score 5.9 · EPSS 0.00411
Exploits: 0 · References: 1
Japan Vulnerability Notes
added 2018/10/04 12:0 a.m. · 538 views

JVN#00344155: Multiple vulnerabilities in Denbun

Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

CVSS 9.8 · AI score 9.2 · EPSS 0.03584
Exploits: 0