Intel Software Guard Extensions CVE-2019-0117 Local Information Disclosure Vulnerability

Description Intel Software Guard Extensions SGX is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following Intel products are affected: 6th Generation Intel Core processors 7th Generatio...

Adobe Illustrator CVE-2019-7962 DLL Loading Privilege Escalation Vulnerability

Description Adobe Illustrator is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Adobe Illustrator CC version 23.1 and prior are vulnerable. Technologies Affected Adobe Illustrator CC 19 Adobe Illustrator CC 21 Adobe Illustrator CC 22...

SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability

Description SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks. Technologies Affected SAP SAPUI5 SAP UI 7.5 SAP UI 7.51 SAP UI 7.52 SAP UI 7.53 SAP UI 7.54 Recommendatio...

Microsoft Windows Graphics Component CVE-2019-1438 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...

Microsoft Windows DirectWrite CVE-2019-1432 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1...

Microsoft Edge Chakra Scripting Engine CVE-2019-1428 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows Certificate Dialog CVE-2019-1388 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...

Microsoft Windows Media Foundation CVE-2019-1430 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1903 f...

Microsoft Windows Hyper-V CVE-2019-0719 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10...

Intel WIFI Drivers and PROSet/Wireless WiFi Software Multiple Memory Corruption Vulnerabilities

Description Intel WIFI Drivers and PROSet/Wireless WiFi Software are prone to multiple memory-corruption vulnerabilities. A local attacker can leverage these issues to gain elevated privileges, gain sensitive information and cause denial-of-service conditions. Intel WIFI Drivers and PROSet/Wirele...

Microsoft Windows Netlogon CVE-2019-1424 Security Bypass Vulnerability

Description Microsoft Windows Netlogon is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Technologie...

Adobe Bridge CC APSB19-53 Multiple Unspecified Memory Corruption Vulnerabilities

Description Adobe Bridge CC is prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in further attacks. Adobe Bridge CC 9.1 is vulnerable. Technologies Affected Adobe Bridge CC 9.1 Recommendations Deploy...

Adobe Animate CVE-2019-7960 DLL Loading Local Privilege Escalation Vulnerability

Description Adobe Animate is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Animate 19.2.1 and prior are vulnerable. Technologies Affected Adobe Animate 14.2.0.20 Adobe Animate 15.0.0.173 Adobe Animate 15.0.1.179 Adobe...

SAP Diagnostics Agent CVE-2019-0390 Information Disclosure Vulnerability

Description SAP Diagnostics Agent is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. SAP Diagnostic Agent LM-Service version 7.20 is vulnerable; other versions may also be...

Microsoft Visual Studio CVE-2019-1425 Remote Privilege Escalation Vulnerability

Description Microsoft Visual Studio is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Visual Studio 2017 15.9 Microsoft Visual Studio 2019 16.0 Microsoft Visual Studio 2019 16.3 Recommendations...

Microsoft Windows Win32k CVE-2019-1434 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...

Intel PROSet/Wireless WiFi Software Multiple Security Vulnerabilities

Description Intel PROSet/Wireless WiFi Software is prone to multiple security vulnerabilities. A local attacker can leverage these issues to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Versions prior to Intel PROSet/Wireless WiFi Software 21.40 ar...

Multiple Intel Processors Side Channel CVE-2019-11135 Information Disclosure Vulnerability

Description Multiple Intel Processors are prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2...

Microsoft Windows CVE-2019-1381 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

SAP Quality Management CVE-2019-0393 Unspecified SQL Injection Vulnerability

Description SAP Quality Management is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...

McAfee Total Protection CVE-2019-3648 Local Privilege Escalation Vulnerability

Description Multiple McAfee products are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. McAfee Total Protection MTP version 16.0.R22 and prior are vulnerable. Technologies Affected McAfee Total Protection 16.0.R17 McAfee Total...

Envoy CVE-2019-18836 Remote Denial of Service Vulnerability

Description Envoy is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial of service conditions. Technologies Affected Envoy Envoy 1.12.0 Istio Istio 1.3.0 Istio Istio 1.3.1 Istio Istio 1.3.2 Istio Istio 1.3.3 Recommendations Block external access ...

IBM Spectrum Protect Plus CVE-2019-4652 Insecure File Permission Vulnerability

Description IBM Spectrum Protect Plus is prone to insecure file-permission vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. IBM Spectrum Protect Plus versions 10.1.0 through 10.1....

Fortinet FortiOS CVE-2019-15705 Denial of Service Vulnerability

Description Fortinet FortiOS is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Technologies Affected Fortinet FortiOS 4.3.10 Fortinet FortiOS 4.3.12 Fortinet FortiOS 4.3.13 Fortinet FortiOS 4.3.14 Fortinet FortiOS 4.3.8 Fortinet...

Fortinet FortiClient for macOS CVE-2019-15704 Local Information Disclosure Vulnerability

Description Fortinet FortiClient for macOS is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Versions prior to FortiClient for macOS 6.0.8 and 6.2.1 are vulnerable. Technologies...

FriBidi CVE-2019-18397 Stack Buffer Overflow Vulnerability

...

Fuji Electric V-Server CVE-2019-18240 Multiple Heap Based Buffer Overflow Vulnerabilities

Description Fuji Electric V-Server is prone to multiple unspecified heap-based buffer overflow vulnerabilities. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions...

Multiple Medtronic Products ICSMA-19-311-01 Multiple Security Vulnerabilities

Description Multiple Medtronic Products are prone to multiple security vulnerabilities. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions or obtain sensitive information that may aid in launching further attacks. Technologies Affect...

OpenStack Mistral CVE-2019-3866 Local Information Disclosure Vulnerability

Description OpenStack Mistral is prone to a local information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected OpenStack Mistral Redhat OpenStack Platform 10 Redhat OpenStack Platform...

Multiple Medtronic Products ICSMA-19-311-02 Multiple Security Vulnerabilities

Description Multiple Medtronic Products are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access or obtain sensitive information that may aid in brute-force attacks. Other attacks are also possible. Technologies Affected Medtronic Valleylab...

Linux Kernel Use After Free and Multiple Memory Leak Denial of Service Vulnerabilities

Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues to execute arbitrary code, and to cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions through 5.3.9 are vulnerable. Technologi...

Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities

Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.5 are vulnerable. Technologies Affected Linux kernel 2.6...

PHP CVE-2019-11050 Denial of Service Vulnerability

Description PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service condition. PHP versions prior to 7.4.1 are vulnerable. Technologies Affected PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP...

Philips Tasy EMR CVE-2019-13557 Information Disclosure Vulnerability

Description Philips Tasy EMR is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain unauthorized access to sensitive information. This may lead to further attacks. Philips Tasy EMR version 3.02.1744 and prior are affected. Philips Tasy WebPortal version...

Multiple Cisco Products CVE-2019-15288 Remote Privilege Escalation Vulnerability

Description Multiple Cisco Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The issue is being tracked by Cisco Bug ID CSCvq29901. Technologies Affected Cisco RoomOS Software Cisco TelePresence CE Software 8.0.0 Cis...

Cisco Web Security Appliance CVE-2019-15969 Cross Site Scripting Vulnerability

Description Cisco Web Security Appliance is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Thi...

Drupal Open Social SA-CONTRIB-2019-075 Session Fixation Vulnerability

Description Drupal Open Social is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected application. Drupal Open Social 8.x-7.0, and 8.x-6.0 through 8.x-6.4 are vulnerable. Technologies Affected...

Apache CXF Denial of Service and Unauthorized Access Vulnerabilities

Description Apache CXF is prone to a denial-of-service vulnerability and an unauthorized access vulnerability. Attackers can exploit these issues to cause a denial-of-service condition and bypass certain security restrictions and gain unauthorized access; this may aid in launching further attacks...

Cisco Webex Meetings CVE-2019-15960 Remote Privilege Escalation Vulnerability

Description Cisco Webex Meetings is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges on the affected devices. This issue is tracked by Cisco Bug ID CSCvq37564. Technologies Affected Cisco WebEx Meetings Cisco Webex Meetings...

Multiple Cisco Products CVE-2019-15289 Denial of Service Vulnerability

Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvq12177, CSCvq29889 and CSCvq65302. Technologies Affected Cisco RoomOS Software Cisco...

Multiple Cisco Products CVE-2019-15958 Remote Code Execution Vulnerability

Description Multiple Cisco Products are prone to an remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. This issue is being tracked by Cisco Bug IDs CSCvp79419, CSCvp79611 . Technologies...

Multiple Cisco WebEx Products Multiple Arbitrary Code Execution Vulnerabilities

Description Multiple Cisco WebEx products are prone to multiple local code-execution vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the application. These issues are being tracked by Cisco Bug IDs CSCvq32301, CSCvq36083,...

Multiple Cisco Products CVE-2019-15967 Local Security Bypass Vulnerability

Description Multiple Cisco Products are prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvq29891. Technologi...

Cisco Wireless LAN Controller CVE-2019-15276 Denial of Service Vulnerability

Description Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a restart to the device, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp92098. Technologies Affected Cisco Wireles...

Atlassian Jira Service Desk Server and Data Center Multiple Security Vulnerabilities

Description Atlassian Jira Service Desk Server and Jira Service Desk Data Center are prone to multiple security vulnerabilities. An attacker can exploit these issues using directory-traversal characters ‘../’ to access or read arbitrary files outside of the restricted directory, or bypass certain...

Cisco Web Security Appliance CVE-2019-15956 Unauthorized Access Vulnerability

Description Cisco Web Security Appliance is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvp51493. Technologies Affected...

Cisco Small Business SPA500 Series IP Phones CVE-2019-15959 Local Command Injection Vulnerability

Description Cisco Small Business SPA500 Series IP Phones are prone to a local command-injection vulnerability. Local attackers can exploit this issue to execute arbitrary commands on the device in an elevated security context. This issue is being tracked by Cisco Bug ID CSCvp40755. Cisco Small...

Google Android System Component Multiple Security Vulnerabilities

Description Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to gain sensitive information, elevate privileges or execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition. These issues...

Cisco Industrial Network Director CVE-2019-15973 Cross Site Scripting Vulnerability

Description Cisco Industrial Network Director is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This ca...

Cisco Managed Services Accelerator CVE-2019-15974 Open Redirection Vulnerability

Description Cisco Managed Services Accelerator is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link,...