
1001 matches found

BDU FSTEC
added 2019/06/26 12:0 a.m. | 4 views

The vulnerability of the software-defined Cisco SD-WAN web interface, related to authentication process errors, allows a perpetrator to escalate their privileges.

The vulnerability of the software-defined Cisco SD-WAN Web UI is related to authentication process errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges by sending specially crafted HTTP requests...

CVSS 9 | AI score 5.5 | EPSS 0.0189
Exploits 0 | References 4 | Affected Software 1
OSV
added 2019/06/20 3:15 a.m. | 3 views

CVE-2019-1626

A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

CVSS 8.8 | AI score 7.3 | EPSS 0.0189
Exploits 0 | References 2
CNVD
added 2019/06/20 12:0 a.m. | 3 views

Cisco SD-WAN Solution Privilege Permission and Access Control Issues Vulnerability (CNVD-2019-25711)

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco. The CLI is a command line interface. A privilege-granting and access control issue vulnerability exists in the CLI in Cisco SD-WAN Solution versions 18.3.6, 18.4.1, and 19.1.0, which can be exploited by a local attacker t...

CVSS 7.8 | AI score 6.8 | EPSS 0.00419
Exploits 0 | References 1
NVD
added 2019/06/12 2:29 p.m. | 18 views

CVE-2019-6582

A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...

CVSS 7.1 | AI score 7.2 | EPSS 0.01054
Exploits 0 | References 2
OSV
added 2019/06/12 2:29 p.m. | 2 views

CVE-2019-6582

A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...

CVSS 7.1 | AI score 7 | EPSS 0.01054
Exploits 0 | References 2
Prion
added 2019/06/12 2:29 p.m. | 12 views

Authorization

A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...

CVSS 5.5 | AI score 7 | EPSS 0.01054
Exploits 0 | References 2 | Affected Software 5
Github Security Blog
added 2019/05/14 4:2 a.m. | 25 views

Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates "startingWith", "endingWith" or "containing" could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 2.6 | EPSS 0.01087
Exploits 0 | References 3 | Affected Software 1
OSV
added 2019/05/14 4:2 a.m. | 15 views

GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates "startingWith", "endingWith" or "containing" could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 5.5 | EPSS 0.01087
Exploits 0 | References 2
Tenable Nessus
added 2019/05/08 12:0 a.m. | 6 views

Schweitzer Engineering Laboratories Software-Defined Network Switch Detection

Binary data 755350.prm...

AI score 7.3
Exploits 0
OSV
added 2019/04/11 8:29 p.m. | 1 views

CVE-2019-6493

SmartDefragDriver.sys 2.0 in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool...

CVSS 5.5 | AI score 6 | EPSS 0.0049
Exploits 1 | References 2
NVD
added 2019/04/11 8:29 p.m. | 16 views

CVE-2019-6493

SmartDefragDriver.sys 2.0 in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool...

CVSS 5.5 | AI score 5.4 | EPSS 0.0049
Exploits 1 | References 2
RedHat Linux
added 2019/04/11 1:33 p.m. | 55 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security and bug fix update

An update for ceph and grafana is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.5 | AI score 6.8 | EPSS 0.0728
Exploits 0 | References 13
BDU FSTEC
added 2019/02/07 12:0 a.m. | 3 views

The vulnerability of the Command Line Interface (CLI) of Cisco SD-WAN-enabled software-defined networks allows attackers to elevate their privileges and modify device configuration files.

The vulnerability of the Command Line Interface (CLI) of Cisco SD-WAN software-defined networks is related to access control violations. Exploiting this vulnerability can allow attackers to elevate their privileges and modify device configuration files by sending specially crafted commands to the...

CVSS 7.8 | AI score 7.3 | EPSS 0.00446
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2019/02/07 12:0 a.m. | 3 views

The vulnerability of the programmatically defined Cisco SD-WAN network, related to lack of access control, allows a hacker to bypass authentication procedures and gain access to system files.

The vulnerability of the programmatically defined Cisco SD-WAN network is related to lack of access control. Exploiting this vulnerability could allow an attacker to bypass authentication procedures and gain access to system files...

CVSS 8.3 | AI score 7.5 | EPSS 0.00808
Exploits 0 | References 3 | Affected Software 1
Qualys Blog
added 2019/01/29 5:0 p.m. | 80 views

Policy Compliance Adds UDC Support for Cloud Agent

Qualys is extending the Cloud Agent capabilities for users of the Policy Compliance (PC) application by letting them define controls. Until now, the Cloud Agent could only assess Qualys PC’s “out of the box” controls. By adding support for user-defined controls (UDC), Qualys PC users now can use Clou...

AI score 0.7
Exploits 0
Packet Storm
added 2019/01/29 12:0 a.m. | 126 views

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation

Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 8.11 / mysql Ver 14.14 Distrib 5.5.60...

AI score 0.8
Exploits 0
exploitpack
added 2019/01/28 12:0 a.m. | 14 views

MySQL User-Defined (Linux) (x32x86_64) - sys_exec Local Privilege Escalation

MySQL User-Defined (Linux) (x32x86_64) - sys_exec Local Privilege Escalation Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL...

AI score 0.9
Exploits 0
0day.today
added 2019/01/28 12:0 a.m. | 60 views

MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on:...

AI score 0.3
Exploits 0
BDU FSTEC
added 2019/01/28 12:0 a.m. | 2 views

The vulnerability of the vContainer component in the programmatically defined Cisco SD-WAN network allows an attacker to trigger a service failure or execute arbitrary code with root privileges.

The vulnerability of the vContainer component in the programmatically defined Cisco SD-WAN network is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code with root privileges by sending a specially crafted file...

CVSS 9.9 | AI score 8.6 | EPSS 0.04853
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2019/01/28 12:0 a.m. | 4 views

Cisco SD-WAN Solution Privilege Permission and Access Control Vulnerability

Cisco vBond Orchestrator Software and other products are from Cisco. Cisco vBond Orchestrator Software is a set of security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network extension solution running in it. A...

CVSS 7.8 | AI score 6.9 | EPSS 0.00446
Exploits 0 | References 1