175 matches found

Tenable Nessus
added 2019/12/06 12:0 a.m., 30 views

Symantec Critical System Protection 8.0 < 8.0 MP2 Authentication Bypass (SYMSA1498)

The version of Symantec Critical System Protection (SCSP) installed on the remote Windows host is 8.0 prior to 8.0 MP2. It is, therefore, affected by an unspecified authentication bypass vulnerability. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(131765);...

CVSS 9.8 | AI score 8.6 | EPSS 0.00536
Exploits: 0 | References: 3

CNVD
added 2019/11/26 12:0 a.m., 2 views

Symantec Critical System Protection (CSP) Authentication Bypass Vulnerability

Symantec Critical System Protection (CSP) is a set of critical system protection security software from Symantec. The software includes virus detection, intrusion detection and firewall features. An authentication bypass vulnerability exists in Symantec CSP version 8.0, 8.0 HF1 and 8.0 MP1...

CVSS 9.8 | AI score 7 | EPSS 0.00536
Exploits: 0 | References: 1

OSV
added 2019/11/25 5:15 p.m., 0 views

CVE-2019-18374

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls...

CVSS 9.8 | AI score 7.2 | EPSS 0.00536
Exploits: 0 | References: 1

Symantec
added 2019/11/25 12:0 a.m., 43 views

Symantec Critical System Protection CVE-2019-18374 Unspecified Authentication Bypass Vulnerability

Description: Symantec Critical System Protection is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Symantec Critical System Protection CSP...

AI score 1.9 | EPSS 0.00536
Exploits: 0 | Affected Software: 1

Symantec
added 2019/11/18 7:4 p.m., 18 views

Critical System Protection Authentication Bypass

SUMMARY: Symantec has released an update to address an issue that was discovered in the Critical System Protection (CSP) product.
AFFECTED PRODUCTS: Critical System Protection (CSP)
CVE | Affected Versions | Remediation
CVE-2019-18374 | 8.0, 8.0 HF1 & 8.0 MP1 | Upgrade to 8.0 MP1 HF1
ISSUES...

CVSS 7.5 | AI score 1.9 | EPSS 0.00536
Exploits: 0 | Affected Software: 1

CVE
added 2019/08/21 6:15 p.m., 45 views

CVE-2019-1863

Cisco IMC Privilege Escalation (CVE-2019-1863) affects the web-based management interface of Cisco Integrated Management Controller. The root cause is insufficient authorization enforcement, allowing an authenticated user with read-only privileges to change critical configurations with administra...

CVSS 9 | AI score 6.9 | EPSS 0.00071
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/05/03 8:29 p.m., 13 views

CVE-2019-6616

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode...

CVSS 7.2 | AI score 7.1 | EPSS 0.00582
Exploits: 0 | References: 2

Vulnrichment
added 2019/01/24 3:0 p.m., 8 views

CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

CVSS 8 | AI score 7.1 | EPSS 0.00853
Exploits: 0 | References: 2

CNVD
added 2018/10/10 12:0 a.m., 0 views

Cisco Digital Network Architecture Center Certification Bypass Vulnerability

Cisco Digital Network Architecture Center (DNA Center) is a set of digital network architecture solutions from the U.S. company Cisco. The program can extend and protect devices, applications, etc. within the network. An authentication bypass vulnerability exists in Cisco DNA Center version...

CVSS 9.8 | AI score 9.4 | EPSS 0.00245
Exploits: 0 | References: 1

RedHat Linux
added 2018/09/04 2:3 p.m., 2 views

yum-utils: reposync: improper path validation may lead to directory traversal

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path...

CVSS 9.3 | AI score 7.3 | EPSS 0.02619
Exploits: 0 | References: 4

Prion
added 2018/08/01 5:29 p.m., 16 views

Path traversal

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path...

CVSS 9.3 | AI score 7.7 | EPSS 0.02619
Exploits: 0 | References: 9 | Affected Software: 5

RedhatCVE
added 2018/07/11 9:20 p.m., 27 views

CVE-2018-10897

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path...

CVSS 9.3 | AI score 3 | EPSS 0.02619
Exploits: 0 | References: 2

NVD
added 2018/01/12 11:29 p.m., 15 views

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVSS 7.8 | AI score 7.3 | EPSS 0.02809
Exploits: 0 | References: 3

NVD
added 2018/01/12 11:29 p.m., 12 views

CVE-2017-13211

In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not neede...

CVSS 7.8 | AI score 7.3 | EPSS 0.02809
Exploits: 0 | References: 3

Prion
added 2018/01/12 11:29 p.m., 13 views

Hardcoded credentials

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVSS 7.8 | AI score 7.3 | EPSS 0.02809
Exploits: 0 | References: 3

NVD
added 2018/01/12 11:29 p.m., 11 views

CVE-2017-13193

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

CVSS 7.8 | AI score 7.3 | EPSS 0.02288
Exploits: 0 | References: 3

Prion
added 2018/01/12 11:29 p.m., 11 views

Design/Logic Flaw

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

CVSS 7.8 | AI score 7.4 | EPSS 0.02288
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2018/01/12 11:29 p.m., 14 views

Denial of service

In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVSS 7.8 | AI score 7.4 | EPSS 0.02288
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/01/12 11:29 p.m., 10 views

CVE-2017-13192

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not...

CVSS 7.8 | AI score 7.3 | EPSS 0.02288
Exploits: 0 | References: 3

Prion
added 2018/01/12 11:29 p.m., 10 views

Design/Logic Flaw

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not...

CVSS 7.8 | AI score 7.3 | EPSS 0.02288
Exploits: 0 | References: 3 | Affected Software: 1