Apple iOS and macOS Multiple Security Vulnerabilities
Description Apple iOS and macOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to gain sensitive information or execute arbitrary code. This may aid in further attacks. Technologies Affected Apple iOS 10 Apple iOS 10.0.1 Apple iOS 10.1 Apple iOS 10.2 Apple iOS...
Samba CVE-2019-10218 Path Traversal Arbitrary File Write Vulnerability
Description Samba is prone to an arbitrary file write vulnerability. Successful exploits may allow an attacker to write arbitrary files to the affected system. This may aid in further attacks. Technologies Affected Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba...
Apple iOS and iPadOS Multiple Local Security Vulnerabilities
Description Apple iOS and iPadOS are prone to multiple local security vulnerabilities. An attacker can exploit these issues to obtain sensitive information, execute arbitrary code and gain elevated privileges. Failed exploit attempts will likely cause a denial-of-service condition. Technologies...
Samba CVE-2019-14847 Remote Denial of Service Vulnerability
Description Samba is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Samba versions 4.0.0 through 4.10.9 are vulnerable. Technologies Affected Samba Samba 4.0.0 Samba Samba 4.0.1 Samba Sam...
Samba CVE-2019-14833 Remote Security Bypass Vulnerability
Description Samba is prone to a security-bypass vulnerability. A successful exploit may allow attackers to bypass certain security restrictions and gain unauthorized access to resources. Samba versions 4.5.0 and later are vulnerable. Technologies Affected Samba Samba 4.10.1 Samba Samba 4.10.2 Samba...
Fortinet FortiClient for macOS CVE-2019-17650 Local Command Injection Vulnerability
Description Fortinet FortiClient for macOS is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands with root privileges. Versions prior to FortiClient for macOS 6.2.2 are vulnerable. Technologies Affected Fortinet FortiClien...
Apple macOS Multiple Security Vulnerabilities
Description Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Apple macOS 10.12 Apple macOS 10.12.1 Apple macO...
Apple iTunes and macOS CVE-2019-8801 DLL Loading Arbitrary Code Execution Vulnerability
Description Apple iTunes and macOS are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. Technologies Affected Apple...
WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
Description WebKit is prone to a cross-site scripting vulnerability and multiple memory-corruption vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code in the...
Broadcom Brocade SANnav CVE-2019-16208 Weak Encryption Security Weakness
Description Broadcom Brocade SANnav is prone to a security weakness. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies Affected Broadcom Brocade SANnav...
Trend Micro OfficeScan CVE-2019-18187 Directory Traversal Vulnerability
Description Trend Micro OfficeScan is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue using directory-traversal characters '../' to access or read arbitrary files that contain sensitive information or t...
Trend Micro Apex One CVE-2019-18188 Command Injection Vulnerability
Description Trend Micro Apex One is prone to a command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will...
Broadcom Brocade SANnav CVE-2019-16205 Session Hijacking Vulnerability
Description Broadcom Brocade SANnav is prone to a session-hijacking vulnerability. An attacker can exploit this issue to hijack another user's session and gain unauthorized access to the victim's account on the affected system. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies...
Apple tvOS/iOS/iPadOS CVE-2019-8795 Memory Corruption Vulnerability
Description Apple iOS, iPad and tvOS are prone to a memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Ipad Mini- Apple TV App...
Broadcom Brocade SANnav CVE-2019-16210 Information Disclosure Vulnerability
Description Broadcom Brocade SANnav is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks or cause a denial-of-service condition. Versions prior to Brocade SANnav 2.0 are...
phpMyAdmin CVE-2019-18622 SQL Injection Vulnerability
Description phpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Apple iOS/iPadOS/tvOS/watchOS/macOS Multiple Security Vulnerabilities
Description Apple iOS, iPadOS, tvOS, watchOS and macOS are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication-bypass vulnerability 3. Multiple memory-corruption vulnerabilities 4. An information disclosure vulnerability An attacker can...
Broadcom Brocade SANnav CVE-2019-16207 Hardcoded Credentials Vulnerability
Description Broadcom Brocade SANnav is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies Affected Broadcom...
Broadcom Brocade SANnav CVE-2019-16206 Information Disclosure Vulnerability
Description Broadcom Brocade SANnav is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks or cause a denial-of-service condition. Versions prior to Brocade SANnav 2.0 are...
Multiple Trend Micro Products CVE-2019-18189 Unspecified Directory Traversal Vulnerability
Description Multiple Trend Micro products are prone to an unspecified directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences '../' to access arbitrary files that contain sensitive information. This may aid in further attacks. The...
Broadcom Brocade SANnav CVE-2019-16209 SSL Certificate Validation Security Bypass Vulnerability
Description Broadcom Brocade SANnav is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies...
Fortinet FortiExtender CVE-2019-15710 OS Command Injection Vulnerability
Description Fortinet FortiExtender is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further...
McAfee Total Protection Windows Client CVE-2019-3636 Local Security Bypass Vulnerability
Description McAfee Total Protection Windows client is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Versions prior to McAfee Total Protection 16.0.R...
Symantec SONAR Security Bypass
SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec SONAR component. AFFECTED PRODUCTS Component: SONAR Engine --- CVE | Affected Versions | Remediation CVE-2019-12752 | Prior to 12.0.2 | Upgrade to 12.0.2 Note: Live updatable; no action required by...
Qt QtBase Module CVE-2019-18281 Denial of Service Vulnerability
Description Qt QtBase module is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Qt QtBase module versions 5.11.x and 5.12.x prior to 5.12.5 are vulnerable. Technologies Affected Qt Qt Base 5.11.0...
Elasticsearch CVE-2019-7619 Information Disclosure Vulnerability
Description Elasticsearch is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Versions prior to Elasticsearch 7.4.0 or 6.8.4 are vulnerable. Technologies Affected Elasticsearch...
NetApp Clustered Data ONTAP CVE-2019-5508 Denial of Service Vulnerability
Description NetApp Clustered Data ONTAP is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions. Clustered Data ONTAP versions 9.2 through 9.6 are vulnerable. Technologies Affected NetApp Clustered Data ONTAP 9.2 NetApp Clustere...
VMware vCenter Server Appliance Multiple Information Disclosure Vulnerabilities
Description VMware vCenter Server Appliance is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in further attacks. VMware vCenter Server 6.5 and 6.7 are vulnerable; other versions may also be affected...
IBM Security Guardium Big Data Intelligence CVE-2019-4311 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Security Guardium Big Data Intelligence 4.0 is vulnerable; other versions may also be...
Elasticsearch Logstash Beats Input Plugin CVE-2019-7620 Denial of Service Vulnerability
Description Elasticsearch Logstash is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to stop responding, denying service to legitimate users. Technologies Affected Elasticsearch Logstash 1.0.14 Elasticsearch Logstash 1.0.15 Elasticsearc...
PHP CVE-2019-11043 Remote Code Execution Vulnerability
Description PHP is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected PHP PHP 7.0 PHP...
Philips IntelliSpace Perinatal CVE-2019-13546 Local Security Bypass Vulnerability
Description Philips IntelliSpace Perinatal is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Philips IntelliSpace Perinatal versions K and prior are...
D-Link DAP-1320 Wireless Range Extender CVE-2019-17505 Information Disclosure Vulnerability
Description D-Link DAP-1320 Wireless Range Extender is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information and perform unauthorized actions. D-Link DAP-1320 Rev A2 version 1.21 is vulnerable. Other versions may also be affected...
Multiple VMware Products CVE-2019-5536 Denial of Service Vulnerability
Description Multiple VMware products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected VMWare Esxi 6.5 VMWare Esxi 6.7 VMWare Fusion 11.0 VMWare Fusion 11.0.1 VMWare Fusion 11.0.2 VMWare Fusion 11.0.3...
GNU GRUB2 'grub2-set-bootflag' Utility Local Denial of Service Vulnerability
Description GNU GRUB2 is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected GNU GRUB2 Redhat Enterprise Linux 8 Recommendations Permit local access for trusted individuals only. Where possible, us...
Rittal Chiller ICSA-19-297-01 Authentication Bypass and Hardcoded Credentials Vulnerabilities
Description Rittal Chiller is prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. A hard-coded credentials vulnerability An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected device. This...
Honeywell IP-AK2 CVE-2019-13525 Information Disclosure Vulnerability
Description Honeywell IP-AK2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Honeywell IP-AK2 Access Control Panel versions 1.04.07 and prior are vulnerable. Technologies Affected Honeywell...
Multiple IBM Products CVE-2019-4459 Cross Site Scripting Vulnerability
Description Multiple IBM Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Multiple IBM Products CVE-2019-4395 Local Information Disclosure Vulnerability
Description Multiple IBM products are prone to a local information-disclosure vulnerability. Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Cloud Orchestrator 2.4 IBM Cloud Orchestrator 2.4.0.1 IBM Cloud...
Adobe Acrobat and Reader CVE-2019-8237 Security Bypass Vulnerability
Description Adobe Acrobat and Reader are prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Adobe Acrobat 2017.008.3005...
IBM Cloud Orchestrator CVE-2019-4398 Local Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to a local information-disclosure vulnerability. Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise versions 2.5, 2.5.0.1, 2.5.0.2,...
IBM Cloud Orchestrator CVE-2019-4397 Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are affected: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4...
IBM Security Guardium Big Data Intelligence CVE-2019-4314 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Security Guardium Big Data Intelligence 4.0 is vulnerable; other versions may also be...
IBM Liberty for Java for Cloud Multiple Security Vulnerabilities
Description IBM Liberty for Java for Cloud is prone to information-disclosure and security-bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions or obtain sensitive information which may lead to further attacks. Technologies Affected IBM...
Apache POI CVE-2019-12415 XML External Entity Information Disclosure Vulnerability
Description Apache POI is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Apache POI versions 4.1.0 and prior are vulnerable. Technologies Affected Apache POI 0.1 Apache POI 0.10.0 Apache...
IBM Cloud Orchestrator CVE-2019-4399 Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are vulnerable: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3,...
Adobe Acrobat and Reader CVE-2019-8238 Information Disclosure Vulnerability
Description Adobe Acrobat and Reader are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Adobe Acrobat 2017.008.30051 Adobe Acrobat 2017.011.30059 Adobe Acrobat...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
...
Multiple IBM Products CVE-2019-4400 Directory Traversal Vulnerability
Description Multiple IBM Products are prone to a directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive...
IBM Cloud Orchestrator CVE-2019-4396 CRLF Injection Vulnerability
Description IBM Cloud Orchestrator is prone to a CRLF-injection vulnerability. An attacker can exploit this issue to add arbitrary headers to a webpage. This may aid in further attacks. The following versions are vulnerable: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5,...