MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.15 advisory. - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect...
CVE-2019-12623
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...
CVE-2019-14362
Openbravo ERP prior to 3.0PR19Q1.3 is affected by a Directory Traversal vulnerability. The issue allows remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. Affected component is Openbravo ERP (web application) with directory ...
CVE-2019-2799
Vulnerability in the Oracle ODBC Driver component of Oracle Database Server PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege wi...
CVE-2018-16117
Sophos XG firewall Admin Portal (17.0.8 MR-8) contains a shell escape vulnerability in /webconsole/Controller where the POST parameter dbName can be tainted with shell metacharacters. An authenticated remote attacker can execute arbitrary OS commands on the device. The CVE is CVE-2018-16117; CV...
CVE-2019-1818
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to...
Oracle VM VirtualBox 5.2.x < 5.2.28 / 6.0.x < 6.0.6 (Apr 2019 CPU)
The version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.28 or 6.0.x prior to 6.0.6. It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory: - Multiple unspecified vulnerabilities in the Core component of Oracl...
Cross site scripting
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is request...
CVE-2018-17989
CVE-2018-17989 affects D-Link DSL-3782 devices (firmware 1.01). A stored XSS vulnerability exists in the device’s web interface, allowing an authenticated attacker to inject a JavaScript/HTML payload into the ACL page. The payload executes when the browser requests "/cgi-bin/New_GUI/Acl.asp". Acc...
CVE-2019-1698
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...
UBUNTU-CVE-2018-18065
setkey in agent/helpers/tablecontainer.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
CVE-2018-17013
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate...
Design/Logic Flaw
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate...
CVE-2018-17005
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable...
CVE-2018-17006
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lanmanage mac2...
CVE-2018-17013
TP-Link TL-WR886N devices (versions 6.0 2.3.4 and 7.0 1.1.0) are affected by a Denial of Service flaw where authenticated attackers can crash router services (inetd, HTTP, DNS, UPnP) by sending long JSON data to the protocol wan wan_rate. The issue arises in the handling of the wan_rate field, ac...
CVE-2018-17004
CVE-2018-17004 affects TP-Link TL-WR886N devices, specifically version 6.0 2.3.4 and 7.0 1.1.0. The issue allows authenticated attackers to crash router services (inetd, HTTP, DNS, UPnP) by sending long JSON data for the wlan_access name. This can impact availability of router services (as indica...
CVE-2018-17012
The CVE-2018-17012 issue affects TP-Link TL-WR886N devices (firmware versions 6.0 2.3.4 and 7.0 1.1.0). The root cause involves processing of long JSON data for hosts_info set_block_flag up_limit, which can cause authenticated attackers to crash router services such as inetd, HTTP, DNS, and UPnP....
CVE-2018-17007
CVE-2018-17007 affects TP-Link TL-WR886N devices (versions 6.0 2.3.4 and 7.0 1.1.0). Authenticated attackers can crash router services (inetd, HTTP, DNS, UPnP) by sending unusually long JSON data to the wireless wlan_wds_2g SSID. CVSS data from NVD indicates Network attack, Low complexity, Privil...
CVE-2018-17018
CVE-2018-17018 affects TP-Link TL-WR886N devices (versions 6.0 2.3.4 and 7.0 1.1.0). Authenticated attackers can crash router services (inetd, HTTP, DNS, UPnP) by sending long JSON data for the time_switch name. The impact described is partial availability loss of those services. The available so...