FreeIPA CVE-2019-10195 Information Disclosure Vulnerability
Description FreeIPA is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. FreeIPA version 4.6.x through and prior to 4.6.7, 4.7.x through and prior to 4.7.4 and 4.8.x through and prior to 4.8.3 are...
ABB Relion 650 and 670 Series CVE-2019-18247 Denial Of Service Vulnerability
Description ABB Relion 650 and 670 Series are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a device to reboot, denying service to legitimate users. The following versions of ABB Relion series are vulnerable: ABB Relion 650 series versions 1.3.0.5 and prior...
Multiple Dell Products DSA-2019-164 Multiple Security Vulnerabilities
Description Multiple Dell products are prone to the following vulnerabilities: 1. A cross-site scripting vulnerability 2. An authentication-bypass vulnerability 3. A session fixation vulnerability An attacker may leverage these issues to execute arbitrary script code in the browser of the victim...
FreeIPA CVE-2019-14867 Denial of Service Vulnerability
Description FreeIPA is prone to a denial-of-service vulnerability. Attackers can exploit this issue to execute arbitrary code or crash the affected application, denying service to legitimate users. FreeIPA versions 4.6 prior to 4.6.7, versions 4.7 prior to 4.7.4 and versions 4.8 prior to 4.8.3 ar...
IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability
Description IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Siemens Polarion Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Description Siemens Polarion is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Multiple QNAP Products NAS-201911-25 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access to the affected device, inject and execute arbitrary code and read or write arbitrary files on the device. Technologies Affected Qnap Photo Station...
Linux Kernel CVE-2019-19241 Privilege Escalation Vulnerability
Description Linux Kernel is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Linux Kernel version 5.3 is vulnerable; other versions may also be affected. Technologies Affected Linux kernel 5.3 Recommendations Permit local access for...
Dell EMC RSA Authentication Manager CVE-2019-18574 HTML Injection Vulnerability
Description Dell EMC RSA Authentication Manager is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based...
IBM Sterling B2B Integrator CVE-2019-4387 SQL Injection Vulnerability
Description IBM Sterling B2B Integrator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Kaspersky Protection extension for Google Chrome CVE-2019-15684 Unauthorized Access Vulnerability
Description Kaspersky Protection extension for Google Chrome is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Kaspersky Protection extension for Google Chrome versions...
Fortinet FortiGate CVE-2019-6697 HTML Injection Vulnerability
Description Fortinet FortiGate is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Multiple Kaspersky Products Multiple Security Vulnerabilities
Description Multiple Kaspersky Products are prone to the following security vulnerabilities: 1. Multiple arbitrary command-execution vulnerabilities 2. An information-disclosure vulnerability 3. A security-bypass vulnerability An attacker can exploit these issues to execute arbitrary commands,...
Symantec Critical System Protection CVE-2019-18374 Unspecified Authentication Bypass Vulnerability
Description Symantec Critical System Protection is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Symantec Critical System Protection CSP...
DotNetNuke Unauthorized Access Vulnerability
Description DotNetNuke is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. DotNetNuke versions 7.0.0 through 9.3.2 are vulnerable. Technologies Affected DotNetNuke...
Linux Kernel 'marvell/mwifiex/tdls.c' Local Heap Buffer Overflow Vulnerability
Description Linux Kernel is prone to a local heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause a denial-of-service condition or to execute...
Linux Kernel Multiple Heap Buffer Overflow Vulnerabilities
Description Linux Kernel is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit these issues to execute arbitrary code within the context of the...
Multiple Pivotal RabbitMQ Products CVE-2019-11291 Cross Site Scripting Vulnerability
Description Multiple Pivotal RabbitMQ products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Pivotal RabbitMQ CVE-2019-11287 Remote Denial of Service Vulnerability
Description Pivotal RabbitMQ is prone to a remote denial-of-service vulnerability because it fails to sufficiently bounds-check user-supplied data. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Pivotal RabbitMQ for P...
Linux Kernel CVE-2019-19227 Null Pointer Dereference Multiple Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Linux Kernel versions prior to 5.1 are vulnerable. Technologies Affected Linux kernel 3.0 Linux kernel 3.0-rc1 Linux kernel 3.0.1 Linux kernel...
SQLite CVE-2019-19317 Denial of Service Vulnerability
Description SQLite is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Dell EMC SMR CVE-2019-18580 Deserialization Remote Code Execution Vulnerability
Description Dell EMC Storage Monitoring and Reporting SMR is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Dell...
Joomla! Core Multiple SQL Injection and Information Disclosure Vulnerabilities
Description Joomla! Core is prone to an information-disclosure vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and gain access to sensitive...
phpMyAdmin CVE-2019-19617 Multiple Information Disclosure Vulnerabilities
Description phpMyAdmin is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Versions prior to phpMyAdmin 4.9.2 are vulnerable. Technologies Affected phpMyAdmin phpMyAdmin 4.7.7...
IBM Spectrum Protect CVE-2019-4406 Local Denial of Service Vulnerability
Description IBM Spectrum Protect is prone to a local denial-of-service vulnerability. Successful exploits will allow local attackers to cause denial-of-service conditions. Technologies Affected IBM Spectrum Protect 7.1.0.0 IBM Spectrum Protect 7.1.6.6 IBM Spectrum Protect 7.1.6.7 IBM Spectrum...
Asterisk Open Source CVE-2019-18976 Denial of Service Vulnerability
Description Asterisk Open Source is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Technologies Affected Asterisk Certified Asterisk 13.21 Asterisk Certified Asterisk 13.21-cert Asterisk...
Multiple Cloud Foundry Products CVE-2019-11290 Information Disclosure Vulnerability
Description Multiple Cloud Foundry Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The following products are affected: Cloud Foundry UAA versions prior to 74.8.0 Cloud Found...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
...
Asterisk Manager Interface CVE-2019-18610 Arbitrary Command Execution Vulnerability
Description Asterisk Manager Interface is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute arbitrary system commands on the affected system. This may aid in further attacks. The following Asterisk products are affected: Asterisk Open Source...
Multiple Asterisk Products CVE-2019-18790 Authorization Bypass Vulnerability
Description Multiple Asterisk Products are prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The following products are affected: Versions prior to...
Linux Kernel CVE-2019-14898 Incomplete Fix Local Race Condition Vulnerability
Description The Linux Kernel is prone to a local race-condition vulnerability. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition. This may lead to other attacks. Technologies Affected Linux kernel 2.6.38 Linux kernel 2.6.38.2 Linux kernel...
Multiple Fortinet Products CVE-2018-9195 Hardcoded Cryptographic Key Vulnerability
Description Multiple Fortinet products are prone to a hard-coded cryptographic key vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following Fortinet products are affected:...
Cisco SD-WAN Solution CVE-2019-16002 Cross Site Request Forgery Vulnerability
Description Cisco SD-WAN Solution is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bu...
Cisco Webex Teams for Windows CVE-2019-16001 DLL Loading Arbitrary Code Execution Vulnerability
Description Cisco Webex Teams for Windows is prone to a local arbitrary code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code. Failed exploit attempts will result in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCvq87642...
Cisco Email Security Appliance CVE-2019-15988 Remote Security Bypass Vulnerability
Description Cisco Email Security Appliance is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq09347. Technologies...
Cisco Small Business RV Series Routers CVE-2019-15990 Information Disclosure Vulnerability
Description Cisco Small Business RV Series Routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq76840. Technologies Affected Cisco RV016...
McAfee Client Proxy CVE-2019-3654 Local Authentication Bypass Vulnerability
Description McAfee Client Proxy is prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. McAfee Client Proxy MCP versions prior to 3.0.0 are vulnerable. Technologies Affected McAfee Client...
Cisco Email Security Appliance CVE-2019-15971 Remote Security Bypass Vulnerability
Description Cisco Email Security Appliance is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvh88851. Technologies...
Multiple QNAP Products NAS-201911-20 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary commands or gain unauthorized access to the affected device. Technologies Affected Qnap Helpdesk 1.0.06 Qnap Helpdesk 1.1.01 Qnap Helpdesk 1.2.0 Qnap...
HP ThinPro Linux Multiple Security Vulnerabilities
Description HP ThinPro Linux is prone to multiple security vulnerabilities. A local attacker can exploit these issues to obtain sensitive information, execute arbitrary code and gain elevated privileges. This may aid in further attacks. Technologies Affected HP ThinPro Linux x86 6.2 HP ThinPro Lin...
Cisco Stealthwatch Enterprise CVE-2019-15994 Cross Site Scripting Vulnerability
Description Cisco Stealthwatch Enterprise is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...
Cisco Unified Communications Domain Manager CVE-2019-15968 HTML Injection Vulnerability
Description Cisco Unified Communications Domain Manager is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing...
Cisco Webex Centers CVE-2019-15987 Information Disclosure Vulnerability
Description Cisco Webex Centers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvq81213 and CSCvq81230. Cisco Webex Event Center, Cisco Webex...
IBM Operations Analytics - Log Analysis Multiple Security Vulnerabilities
Description IBM Operations Analytics - Log Analysis is prone to multiple security vulnerabilities. Successful exploits will allow an attacker to obtain sensitive information, insert a crafted host header to navigate the victim to the attacker's domain or compromise the affected application. Other...
Cisco Unity Express CVE-2019-15986 Local Command Injection Vulnerability
Description Cisco Unity Express is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvq54120. Versions prior to Cisco Unity Express 10.1...
ISC BIND CVE-2019-6477 Remote Denial of Service Vulnerability
Description ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected ISC Bind 9.11.0 ISC Bind 9.11.2 ISC Bind 9.11.3 ISC Bind 9.11.4 ISC Bind 9.11.5 ISC Bind 9.11.6 ISC Bind 9.11.7 ISC Bind 9.11...
Cisco Unified Communications Manager CVE-2019-15972 SQL Injection Vulnerability
Description Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit...
Cisco IOS XR Software CVE-2019-15998 Security Bypass Vulnerability
Description Cisco IOS XR Software is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the access control list and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCvp91299. Technologies Affected Cisco IOS XR Software 6.5.1 Cisco IOS...
Cisco DNA Spaces Connector CVE-2019-15997 Local Command Injection Vulnerability
Description Cisco DNA Spaces Connector is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvp27714. Versions prior to Cisco DNA Spaces...
ClamAV CVE-2019-15961 Denial of Service Vulnerability
Description ClamAV is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to ClamAV 0.102.1 and 0.101.5 are vulnerable. Technologies Affected Cisco ClamAV 0.100 Cisco ClamAV 0.101 Cisco ClamAV 0.101.4 Cisco ClamAV...