4423 matches found

CVE
added 2019/03/30 4:42 p.m. · 53 views

CVE-2019-10657

Grandstream GWN7000 (pre-1.0.6.32) and GWN7610 (pre-1.0.8.18) are affected by CVE-2019-10657. Remote authenticated users can disclose passwords via a /ubus/uci.apply config request, enabling potential information disclosure. Root cause details are not fully elaborated in the provided documents. A...

CVSS 6.5 · AI score 6.8 · EPSS 0.01489
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2019/03/30 2:29 p.m. · 12 views

Design/Logic Flaw

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

CVSS 6.5 · AI score 6.8 · EPSS 0.0709
Exploits: 3 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/03/30 12:0 a.m. · 6 views

PT-2019-11970 · Grandstream · Grandstream Gwn7000 +1

Name of the Vulnerable Software and Affected Versions: Grandstream GWN7000 versions prior to 1.0.6.32 Grandstream GWN7610 versions prior to 1.0.8.18 Description: The issue allows remote authenticated users to discover passwords via a "/ubus/uci.apply" config request. This could potentially lead t...

CVSS 6.5 · AI score 6.6 · EPSS 0.01489
Exploits: 0 · References: 3

Positive Technologies
added 2019/03/30 12:0 a.m. · 3 views

PT-2019-11975 · Grandstream · Grandstream Ucm6204

Name of the Vulnerable Software and Affected Versions: Grandstream UCM6204 version 1.0.19.20 and earlier Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the file-backup parameter to the "/cgi" API endpoint. Recommendations: For...

CVSS 9 · AI score 8.7 · EPSS 0.43762
Exploits: 3 · References: 3

AlpineLinux
added 2019/03/28 4:18 p.m. · 32 views

CVE-2019-7251

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...

CVSS 6.5 · AI score 6.2 · EPSS 0.03811
Exploits: 0

Tenable Nessus
added 2019/03/27 12:0 a.m. · 36 views

openSUSE Security Update : salt (openSUSE-2019-1019)

This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security...

CVSS 9.8 · AI score 7.5 · EPSS 0.05199
Exploits: 0 · References: 9

Cvelist
added 2019/03/24 9:2 p.m. · 25 views

CVE-2019-10014

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated...

AI score 6.3 · EPSS 0.01108
Exploits: 1 · References: 1

NVD
added 2019/03/23 8:29 p.m. · 15 views

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

CVSS 9 · AI score 8.5 · EPSS 0.02936
Exploits: 0 · References: 1

OSV
added 2019/03/21 4:0 p.m. · 2 views

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

CVSS 7.2 · AI score 6.1 · EPSS 0.08245
Exploits: 3 · References: 3

NVD
added 2019/03/13 10:29 p.m. · 26 views

CVE-2019-6600

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead t...

CVSS 6.1 · AI score 6.3 · EPSS 0.01242
Exploits: 0 · References: 2

OSV
added 2019/03/13 10:29 p.m. · 1 views

CVE-2019-6600

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead t...

CVSS 6.1 · AI score 6.3 · EPSS 0.01242
Exploits: 0 · References: 2

Prion
added 2019/03/13 10:29 p.m. · 16 views

Cross site scripting

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead t...

CVSS 4.3 · AI score 6.3 · EPSS 0.01242
Exploits: 0 · References: 2 · Affected Software: 13

Cvelist
added 2019/03/13 10:0 p.m. · 22 views

CVE-2019-6600

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead t...

AI score 6.3 · EPSS 0.01242
Exploits: 0 · References: 2

Tenable Nessus
added 2019/03/12 12:0 a.m. · 23 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K23734425)

When remote authentication is enabled for administrative users and all external users are granted the guest role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. CVE-2019-6600 Impact BIG-IP This...

CVSS 6.1 · AI score 5.9 · EPSS 0.01242
Exploits: 0 · References: 2

Cvelist
added 2019/03/07 7:0 p.m. · 22 views

CVE-2019-3784 Cloud Foundry Stratos contains a Session Collision Vulnerability

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...

CVSS 8.2 · AI score 8 · EPSS 0.01078
Exploits: 0 · References: 1

OSV
added 2019/03/07 6:29 p.m. · 15 views

CVE-2019-3775

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user...

CVSS 6.5 · AI score 6.5 · EPSS 0.00893
Exploits: 0 · References: 1

OSV
added 2019/02/13 6:29 p.m. · 3 views

CVE-2018-20238

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability...

CVSS 8.1 · AI score 5.8 · EPSS 0.01513
Exploits: 0 · References: 2

OSV
added 2019/02/01 4:29 p.m. · 4 views

CVE-2018-5498

Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS)...

CVSS 4.4 · AI score 5.8 · EPSS 0.01201
Exploits: 0 · References: 1

Veracode
added 2019/01/15 8:58 a.m. · 23 views

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information...

CVSS 6 · AI score 5.6 · EPSS 0.01829
Exploits: 2 · References: 14 · Affected Software: 1

OSV
added 2019/01/10 7:29 p.m. · 8 views

CVE-2018-15458

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...

CVSS 7.5 · AI score 5.7 · EPSS 0.03066
Exploits: 0 · References: 2