1134 matches found
CVE-2018-20916
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry SEC-370...
Cross site scripting
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry SEC-370...
CVE-2018-20916
CVE-2018-20916 affects cPanel prior to 70.0.23. The vulnerability is a Stored XSS in WHM via the Edit MX Entry, caused by lack of proper validation of client-side data in the web application. Impact stated as attacker-controlled scripts executed in the victim’s browser. Remediation: upgrade to 70...
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
// Linux 4.10 // - added known helper paths // - added search for suitable helpers // - added automatic targeting // - changed target suid executable from passwd to pkexec // https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272 // --- // Tested on: // - Ubuntu 16.04.5 kernel...
CVE-2019-12502
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...
Cross site request forgery (csrf)
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...
CVE-2019-12502
The CVE-2019-12502 entry concerns MOBOTIX S14 MX-V4.2.1.61 cameras with a lack of CSRF countermeasures, demonstrated by the ability to add an admin account via the /admin/access URI. This is documented across multiple sources (NVD, Red Hat, Nessus plugin, etc.) and indicates a cross-site request ...
CVE-2019-6489
The vulnerability CVE-2019-6489 affects Lexmark devices: CX, MX, X, XC, XM, XS, and 6500e printers. The public description states that, prior to 2019-02-11, remote attackers could erase stored shortcuts, implying an issue with how input is handled by the device. Connected sources align on the sam...
CVE-2019-7674
The CVE concerns MOBOTIX S14 MX-V4.2.1.61 devices where the /admin/access endpoint accepts a request to set the password to a fixed value (the string “aaaaa”). This represents an authentication weakness enabling password change by an authorized or potentially any user, depending on access control...
CVE-2019-7674
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user...
Juniper Junos MX Malformed Packet - DOS (JSA10900)
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...
CVE-2019-0001
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...
Design/Logic Flaw
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...
Design/Logic Flaw
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager fxpc on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
CVE-2019-0001
CVE-2019-0001 affects Juniper Networks Junos OS on MX Series with dynamic VLANs. A malformed packet can trigger an uncontrolled recursion in the Broadband Edge subscriber management daemon (bbe-smgd), causing high CPU and a crash, with repeated packets leading to extended DoS. Affected Junos rele...
CVE-2019-0001 Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...
CVE-2018-0058
Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash vmcore, causing the device to reboot. The issue is specific to the processing of Broadband Edge BBE client route processing on MX Series subscriber management platforms, introduced by the Tomcat Next...