Cisco Small Business RV Series Routers CVE-2019-15271 Arbitrary Command Execution Vulnerability
Description Cisco Small Business RV Series Routers are prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands on the affected device with root privileges. This issue is being tracked by Cisco Bug IDs CSCvq95596, CSCvq97028,...
Cisco Small Business RV Series Routers CVE-2019-15957 Remote Command Injection Vulnerability
Description Cisco Small Business RV Series Routers are prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug IDs...
Multiple Veritas Products CVE-2019-18780 Arbitrary Command Injection Vulnerability
Description Multiple Veritas products are prone to an arbitrary command-injection vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands in the context of the affected application. Failed exploit attempts...
Artifex Ghostscript CVE-2019-14869 Remote Privilege Escalation Vulnerability
Description Ghostscript is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges and access arbitrary files or execute arbitrary commands on the affected system. Versions prior to Ghostscript 9.50 are vulnerable. Technologies...
Joomla! Core CVE-2019-18674 Information Disclosure Vulnerability
Description Joomla! Core is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Joomla! Core versions 3.6.0 through 3.9.12 are vulnerable. Technologies Affected Joomla Joomla! 3.2 Joomla...
Multiple Trend Micro Products Multiple Security Vulnerabilities
Description Multiple Trend Micro Products are prone to the following security vulnerabilities: 1. An information-disclosure vulnerability 2. An arbitrary file-deletion vulnerability An attacker can exploit these issues to obtain sensitive information or delete arbitrary files from the affected...
Linux Kernel Multiple Security Vulnerabilities
Description Linux Kernel is prone to the following security vulnerabilities: 1. A security-bypass vulnerability 2. A local privilege-escalation vulnerability An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or gain elevated privileges...
Linux Kernel CVE-2019-18786 Information Disclosure Vulnerability
Description Linux kernel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Linux kernel versions through 5.3.8 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1...
SQLite CVE-2019-16168 Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.29.0 and prior versions are vulnerable. Technologies Affected Oracle Communications Design Studio 7.3.4.3.0 Oracle Communications Design Studio...
Squid Multiple Security Vulnerabilities
Description Squid is prone to the following vulnerabilities: 1. Multiple buffer-overflow vulnerabilities. 2. An information disclosure vulnerability. 3. A cross-site request-forgery vulnerability. 4. An HTTP request-splitting vulnerability 5. A security-bypass vulnerability. Successful...
Google Android Media Framework Multiple Local Privilege Escalation Vulnerabilities
Description Google Android is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to execute arbitrary code with elevated privileges within the context of the privileged process. These issues are being tracked by Android Bug IDs A-137283376,...
Google Android System Component CVE-2019-2036 Privilege Escalation Vulnerability
Description Google Android is prone to a privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. This issue is being tracked by Android Bug ID A-79703832. Technologies Affected Google Android 10.0 Google Android 8.0 Google Android 8.1 Google Android 9...
Red Hat '389-ds-base' CVE-2019-14824 Security Bypass Vulnerability
Description Red Hat '389-ds-base' is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions. This may aid in further attacks. Technologies Affected Redhat 389-ds-base Redhat...
Google Android Framework Component Multiple Information Disclosure Vulnerabilities
Description Google Android is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information; this may lead to further attacks. These issues are being tracked by Android Bug IDs A-135269143, A-135270103. Technologies Affected...
Dell EMC iDRAC CVE-2019-3764 Unauthorized Access Vulnerability
Description Dell EMC iDRAC is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following Dell products are affected: Dell EMC iDRAC8 versions prior to 2.70.70.70 are...
Apache NiFi Multiple Information Disclosure Vulnerabilities
Description Apache NiFi is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain potentially sensitive information. This may lead to further attacks. Apache NiFi versions 1.3.0 through 1.9.2 are vulnerable. Technologies Affected Apache Nifi 1.3.0...
IBM Security Secret Server CVE-2019-4634 Multiple Information Disclosure Vulnerabilities
Description IBM Security Secret Server is prone to multiple information-disclosure vulnerabilities. Remote attackers can exploit these issues to obtain sensitive information that may lead to further attacks. Technologies Affected IBM Security Secret Server 10.4.0 IBM Security Secret Server 10.5.0...
Google Pixel CVE-2019-2210 Privilege Escalation Vulnerability
Description Google Pixel is prone to a privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. This issue is being tracked by Android Bug ID A-139148442. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Google Pixel 2 XL...
IBM QRadar SIEM CVE-2019-4470 Unspecified Cross Site Scripting Vulnerability
Description IBM QRadar SIEM is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based...
Apache Impala CVE-2019-10084 Authorization Bypass Vulnerability
Description Apache Impala is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions or gain elevated privileges; this may aid in launching further attacks. Apache Impala versions 2.7.0 through 3.2.0...
Google Android Binder Multiple Local Privilege Escalation Vulnerabilities
Description Google Android is prone to multiple local privilege-escalation vulnerabilities. Local attackers can exploit these issues to gain elevated privileges. These issues are being tracked by Android Bug IDs A-133758011, A-136210786. Technologies Affected Google Android Recommendations Permit...
Google Android Library CVE-2019-2201 Remote Code Execution Vulnerability
Description Google Android is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This issue is being tracked by Android bug ID A-120551338. Technologies Affected Google Android 10.0 Google Androi...
Google Android Framework Multiple Security Vulnerabilities
Description Google Android is prone to the following security vulnerabilities: 1. Multiple privilege-escalation vulnerabilities 2. Multiple information-disclosure vulnerabilities An attacker can exploit these issues to gain elevated privileges or gain access to sensitive information; this may...
PHP 'ReflectionNamedType' Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PH...
Redhat Quay CVE-2019-3865 HTML Injection Vulnerability
Description Redhat Quay is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-bas...
Redhat Quay CVE-2019-3864 Security Bypass Vulnerability
Description Redhat Quay is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Redhat Quay 3 Recommendations Block external access at the network...
Symantec Endpoint Protection SONAR Component CVE-2019-12752 Security Bypass Vulnerability
Description Symantec Endpoint Protection is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Symantec Endpoint Protection versions prior to 12.0.2 are vulnerable. Technologi...
F5 BIG-IP AFM CVE-2019-6658 SQL Injection Vulnerability
Description F5 BIG-IP AFM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Apple Xcode Multiple Memory Corruption Vulnerabilities
Description Apple Xcode is prone to multiple memory corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Xcode 11...
Honeywell equIP/Performance Series IP Cameras/Recorders Authentication Bypass Vulnerability
Description Honeywell Tuxedo Touch Controller is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Technologies Affected Honeywell BD3PR1 Honeywell...
Advantech WISE-PaaS/RMM Multiple Security Vulnerabilities
...
Xen CVE-2019-18423 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the hypervisor, denying service to legitimate users. Xen versions 4.8 and later are vulnerable. Technologies Affected Xen Xen 4.10 Xen Xen 4.10.0 Xen Xen 4.10.1 Xen Xen 4.10.2 Xen Xen 4.11.0 Xen...
Google Chrome Prior to 78.0.3904.87 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions. Versions prior to Chrome 78.0.3904.87 are vulnerable. Technologies Affected Google Chrome...
Multiple F5 BIG-IP Products CVE-2019-6657 Cross Site Scripting Vulnerability
Description Multiple F5 BIG-IP Products are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
libarchive CVE-2019-18408 Arbitrary Code Execution Vulnerability
Description libarchive is prone to an arbitrary code-execution vulnerability. Attackers may leverage this issue to execute arbitrary code on the affected system. Failed attacks will cause denial-of-service conditions. Technologies Affected Ubuntu Ubuntu Linux 14.04 ESM Ubuntu Ubuntu Linux 16.04 L...
Xen CVE-2019-18424 Privilege Escalation Vulnerability
Description Xen is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the affected system. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citrix XenServer 7.6 Xen Xen 3.2.0 Xen Xen 3.2.1...
Xen CVE-2019-18420 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Xen versions 4.6 and later are vulnerable. Technologies Affected Xen Xen 4.10 Xen Xen 4.10.0 Xen Xen 4.10.1 Xen Xen 4.10.2 Xen...
Xen CVE-2019-18421 Privilege Escalation Vulnerability
Description Xen is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citr...
Apple macOS/iOS/iPadOS Multiple Information Disclosure Vulnerabilities
Description Apple iOS, iPad and macOS are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Ipad Mini- Apple iOS 10 Apple iOS 10.0.1 Apple iOS 10.1 Apple iOS 10....
Xen CVE-2019-18425 Privilege Escalation Vulnerability
Description Xen is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citr...
Xen CVE-2019-18422 Security Vulnerability
Description Xen is prone to a security vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, gain elevated privileges and corrupt the data. Xen versions through 4.12.x are vulnerable. Technologies Affected Xen Xen 2.0 Xen Xen 3.0.2 Xen Xen 3.0.3 Xen Xen 3.0.4 X...
IBM UrbanCode Deploy CVE-2019-4490 Security Bypass Vulnerability
Description IBM UrbanCode Deploy is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. IBM UrbanCode Deploy versions 6.2.7 through 7.0.3 are vulnerable. Technologies Affected...
PHP 'FFI::cast()' Heap Based Memory Corruption Vulnerability
Description PHP is prone to a heap-based memory-corruption vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP...
systemd CVE-2018-21029 Certificate Validation Security Bypass Vulnerability
Description systemd is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. systemd versions 239 through 243 are vulnerable. Technologies Affected systemd...
PHP 'FFI::cast()' Memory Leak Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PHP 7.3.11 PHP PHP 7.3.12 PHP PHP 7.3.2 PHP PHP...
WebKit Multiple Memory Corruption Vulnerabilities
Description WebKit is prone to multiple memory-corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Ipa...
WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
Description WebKit is prone to cross-site scripting and multiple memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Watch Apple...
Redhat Syndesis CVE-2019-14860 Information Disclosure Vulnerability
...
Apple macOS/watchOS/iCloud for Windows CVE-2019-8750 Memory Corruption Vulnerability
Description Apple macOS, watchOS and iCloud for Windows are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Wat...
Apple watchOS CVE-2019-8747 Memory Corruption Vulnerability
Description Apple watchOS is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Watch Apple watchOS 1.0 Apple watchO...