Linux Kernel Information Disclosure and Denial of Service Vulnerabilities
Description Linux Kernel is prone to an information-disclosure vulnerability and a denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to gain access to sensitive information or cause denial-of-service conditions. Linux kernel versions through 5.3.12 are...
Cisco DNA Spaces: Connector CVE-2019-15995 SQL Injection Vulnerability
Description Cisco DNA Spaces: Connector is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent...
Lenovo CCSDK CVE-2019-6184 Unspecified Local Privilege Escalation Vulnerability
Description Lenovo CCSDK is prone to an unspecified local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Lenovo CCSDK Recommendations Permit local access for trusted individuals only. Where possible, use restricted...
Fortinet FortiOS CVE-2019-6693 Hardcoded Cryptographic Key Vulnerability
Description Fortinet FortiOS is prone to a hardcoded cryptographic key vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Fortinet FortiOS 5.6.11, 6.0.7 and 6.2.1 are vulnerable. Technologies Affected Fortinet...
Unbound IPSEC Module CVE-2019-18934 Arbitrary Shell Command Injection Vulnerability
Description Unbound IPSEC Module is prone to a command-injection vulnerability. An attacker can exploit this issue to execute arbitrary shell commands on the affected system. Unbound versions 1.6.4 through 1.9.4 are vulnerable. Technologies Affected Unbound Unbound 1.6.10 Unbound Unbound 1.6.4...
WordPress Unspecified Directory Traversal Vulnerability
Description WordPress is prone to an unspecified directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information or execute...
Lenovo ThinkPad USB-C Dock CVE-2019-6176 Unspecified Denial of Service Vulnerability
Description Lenovo ThinkPad USB-C Dock is prone to an unspecified denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. Lenovo ThinkPad USB-C Dock version 3.7.2 is vulnerable; other versions may also be affected. Technologies Affected...
Google Android Camera CVE-2019-2234 Multiple Security Bypass Vulnerabilities
Description Google Android is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions, or gain access to sensitive information; this may lead to further attacks. Technologies Affected Google...
WordPress Jetpack Plugin Unspecified Security Vulnerability
Description The Jetpack plugin for WordPress is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Jetpack 5.1 through 7.9 are vulnerable. Technologies Affected WordPre...
Lenovo LenovoPaper CVE-2019-6191 Unspecified Local Privilege Escalation Vulnerability
Description Lenovo LenovoPaper software is prone to an unspecified local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Lenovo LenovoPaper Recommendations Permit local access for trusted individuals only. Where possibl...
Lenovo System Interface Foundation Multiple Security Vulnerabilities
Description Lenovo System Interface Foundation is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code or gain elevated privileges on the affected system. Versions prior to Lenovo System Interface Foundation 1.1.18.3 are vulnerable. Technologi...
Microsoft Outlook for Android CVE-2019-1460 Spoofing Vulnerability
Description Microsoft Outlook for Android is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...
WordPress WP Maintenance Plugin CVE-2019-19979 Cross Site Request Forgery Vulnerability
Description The WP Maintenance Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. WP Maintenance versions prior to 5.0...
Critical System Protection Authentication Bypass
SUMMARY Symantec has released an update to address an issue that was discovered in the Critical System Protection CSP product. AFFECTED PRODUCTS Critical System Protection CSP --- CVE | Affected Versions | Remediation CVE-2019-18374 | 8.0, 8.0 HF1 & 8.0 MP1 | Upgrade to 8.0 MP1 HF1 ISSUES...
Ansible Tower CVE-2019-14890 Information Disclosure Vulnerability
Description Ansible Tower is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. Ansible Tower version 3.6.0 is vulnerable; other versions may also be affected. Technologies Affected Redhat Ansible...
Moodle CVE-2019-14879 Security Bypass Vulnerability
Description Moodle is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Moodle versions 3.7 through 3.7.2, 3.6 through 3.6.6, 3.5 through 3.5...
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues may allow attackers to execute arbitrary code and to cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.9 are vulnerable...
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.4 are vulnerable. Technologies Affected Linux kernel 2.6...
Moodle CVE-2019-14883 Remote Security Vulnerability
Description Moodle is prone to a remote security vulnerability. An attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. Moodle versions 3.7 through 3.7.2 and 3.6 through 3.6.6 are vulnerable. Technologies Affected Moodle Moodle 3.6 Moodle Moodle 3.6.1...
Moodle CVE-2019-14880 Security Bypass Vulnerability
Description Moodle is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Moodle 3.5.9, 3.6.7 and 3.7.3 are vulnerable. Technologies Affected Moodle...
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues may allow attackers to execute arbitrary code and to cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.11 are vulnerable...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
Moodle CVE-2019-14882 Open Redirection Vulnerability
Description Moodle is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to a...
Apache Shiro CVE-2019-12422 Information Disclosure Vulnerability
Description Apache Shiro is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Apache Shiro 1.4.2 are vulnerable. Technologies Affected Apache Apache Shiro...
Linux Kernel CVE-2019-19079 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kern...
Linux Kernel CVE-2019-19338 Incomplete Fix Information Disclosure Vulnerability
Description Linux Kernel is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11 Linux kerne...
Linux Kernel CVE-2019-19049 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.10 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux...
Google Chrome Prior to 78.0.3904.108 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions. Versions prior to Chrome 78.0.3904.108 are vulnerable. Technologies Affected Google Chrome...
Moodle CVE-2019-14884 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
FasterXML Jackson CVE-2019-10172 Multiple XML External Entity Injection Vulnerabilities
Description FasterXML Jackson is prone to multiple XML External Entity injection vulnerabilities. Attackers can exploit these issues to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks. Technologies Affected FasterXML Jackson...
Multiple Cloud Foundry Products CVE-2019-11289 Denial of Service Vulnerability
Description Multiple Cloud Foundry Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Cloud Foundry Routing OSS 0.118.0 Cloud Foundry Routing OSS 0.121.0 Cloud...
Linux Kernel CVE-2019-19076 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.6 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux...
Symantec Norton App Lock CVE-2019-18373 Local Security Bypass Vulnerability
Description Symantec Norton App Lock for Android is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Norton App Lock versions prior to 1.4.0.503 are...
Apache Atlas CVE-2019-10070 HTML Injection Vulnerability
Description Apache Atlas is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
F5 BIG-IP APM CVE-2019-6661 Denial of Service Vulnerability
Description F5 BIG-IP APM is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause excessive resource consumption, resulting in a denial-of-service condition. BIG-IP APM 14.1.0 through 14.1.2, 14.0.0 through 14.0.1, 13.0.0 through 13.1.3, 12.1.0 through 12.1.4, and...
Multiple F5 BIG-IP Products CVE-2019-6664 Remote Security Vulnerability
Description Multiple F5 BIG-IP Products are prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected F5 BIG-IP AAM 14.1.0 F5 BIG-IP AAM 15.0.0 F5 BIG-IP AF...
Lexmark Services Monitor CVE-2019-16758 Directory Traversal Vulnerability
Description Lexmark Services Monitor is prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information. This may aid in further attacks. Lexmark Services Monitor 2.27.4.0.39 is vulnerabl...
Multiple F5 BIG-IP Products CVE-2019-6662 Multiple Information Disclosure Vulnerabilities
Description Multiple F5 BIG-IP Products are prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information. This may lead to other attacks. Technologies Affected F5 BIG-IP AAM 13.1.0 F5 BIG-IP AAM 13.1.1 F5 BIG-IP...
Fortinet FortiClient for Linux Multiple Local Security Vulnerabilities
Description Fortinet FortiClient for Linux is prone to multiple local security vulnerabilities. An attacker may exploit these issues to inject and execute arbitrary system commands with root privileges, overwrite system files, gain elevated privileges or cause denial-of-service conditions. Versio...
Multiple Kubernetes Sidecar Containers CVE-2019-11255 Unauthorized Access Vulnerability
Description Multiple Kubernetes Sidecar Containers are prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access and perform unintended actions. This may lead to further attacks. Technologies Affected Kubernetes external-provisioner 0.4.1...
Symantec Endpoint Protection Multiple Issues
SUMMARY Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection Small Business Edition SEP SBE and Symantec Mail Security for MS Exchange SMSMSE products. AFFECTED PRODUCT...
Symantec Endpoint Protection CVE-2019-12758 Local Code Execution Vulnerability
Description Symantec Endpoint Protection is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed attempts may lead to denial-of-service conditions. Symantec Endpoint Protection versions pri...
Infinispan CVE-2019-10174 Privilege Escalation Vulnerability
Description Infinispan is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges and perform unauthorized actions on an affected system. Technologies Affected Redhat Enterprise Application Platform Continuous Delivery Redhat JBoss Data...
Multiple Siemens Products CVE-2019-18250 Security Bypass Vulnerability
Description Multiple Siemens Products are prone to a security vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Siemens Nucleus NET Siemens Nucleus RTOS Siemens Nucleus ReadyStart...
Multiple Siemens Products CVE-2019-10936 Denial of Service Vulnerability
Description Multiple Siemens products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Technologies Affected Siemens SIMATIC CFU PA Siemens SIMATIC ET 200AL Siemens SIMATIC ET 200M Siemens SIMATIC E...
Philips IntelliBridge EC40 and EC80 CVE-2019-18241 Unauthorized Access Vulnerability
Description Philips IntelliBridge EC40 and EC80 are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Technologies Affected Philips IntelliBridge EC40 Philips IntelliBridge...
Symantec Endpoint Protection CVE-2019-18372 Local Privilege Escalation Vulnerability
Description Symantec Endpoint Protection is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Symantec Endpoint Protection SEP versions prior to 14.2 RU2 are vulnerable. Technologies Affected Symantec Endpoint Protection 11...
Teamviewer CVE-2019-18251 Remote Security Vulnerability
Description Teamviewer is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Teamviewer 5.0.8703 QS is vulnerable. Technologies Affected Omron CX-Supervisor 3.4.1 Omron...
Symantec Endpoint Protection CVE-2019-12756 Local Security Bypass Vulnerability
Description Symantec Endpoint Protection is prone to a local security-bypass vulnerability. Local attackers can exploit this vulnerability to bypass certain security restrictions and gain access to possibly sensitive information. Versions prior to Symantec Endpoint Protection 14 RU2 are vulnerabl...
Siemens SIMATIC S7-1200 CVE-2019-13945 Local Unauthorized Access Vulnerability
...