6867 matches found
Multiple IBM Products CVE-2019-4461 HTTP Response Splitting Vulnerability
Description Multiple IBM Products are prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of...
Multiple IBM Products CVE-2019-4395 Local Information Disclosure Vulnerability
Description Multiple IBM products are prone to a local information-disclosure vulnerability. Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Cloud Orchestrator 2.4 IBM Cloud Orchestrator 2.4.0.1 IBM Cloud...
IBM Cloud Orchestrator CVE-2019-4397 Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are affected: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4...
IBM Cloud Orchestrator CVE-2019-4399 Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are vulnerable: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3,...
IBM Cloud Orchestrator CVE-2019-4398 Local Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to local information-disclosure vulnerability. Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise versions 2.5, 2.5.0.1, 2.5.0.2,...
ABB Relion 670 Series CVE-2019-18253 Directory Traversal Vulnerability
Description ABB Relion 670 Series is prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information. This may aid in further attacks. The following ABB products are affected: Relion 670...
IBM Security Guardium Big Data Intelligence CVE-2019-4339 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Security Guardium Big Data Intelligence 4.0 Recommendations Bloc...
OpenAFS CVE-2019-18602 Information Disclosure Vulnerability
Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...
Mozilla Firefox ESR CVE-2019-11758 Memory Corruption Vulnerability
Description Mozilla Firefox ESR is prone to a memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Successful exploits will compromise the application and possibly the underlying system. This issue is fixed in:...
OpenAFS CVE-2019-18603 Information Disclosure Vulnerability
Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...
Trend Micro Anti-Threat Toolkit CVE-2019-9491 Remote Code Execution Vulnerability
Description Trend Micro Anti-Threat Toolkit is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. The following products are...
IBM Security Guardium Big Data Intelligence CVE-2019-4329 Security Bypass Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security Guardium Big Data...
Google Chrome Prior to 78 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, conduct spoofing attacks, bypass certain security restrictions and perform unauthorized actions or cau...
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Description Mozilla Firefox and Firefox ESR are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions and bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks...
Cloud Foundry UAA CVE-2019-11282 Information Disclosure Vulnerability
Description Cloud Foundry UAA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cloud Foundry UAA versions prior to 74.3.0 are vulnerable. Technologies Affected Cloud Foundry UAA 63.0...
Schneider Electric ProClima ICSA-19-295-01 Multiple Remote Code Execution Vulnerabilities
Description Schneider Electric ProClima is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the system. Schneider Electric ProClima versions prior to 8.0.0 are vulnerable. Technologies Affected Schneider-Electric Proclima 6.0...
IBM Security Guardium Big Data Intelligence CVE-2019-4309 Hardcoded Credentials Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Security Guardium Big Data Intelligence 4.0 is vulnerable...
Mozilla Firefox Multiple Security Vulnerabilities
Description Mozilla Firefox is prone to the following security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. A security vulnerability Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks...
IBM Security Guardium Big Data Intelligence CVE-2019-4307 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. IBM Security Guardium Big Data Intelligence 4.0 is vulnerable. Technologies Affected IBM...
Cloud Foundry SMB Volume CVE-2019-11283 Information Disclosure Vulnerability
Description Cloud Foundry SMB Volume is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Cloud Foundry SMB Volume 1.0.0 Cloud Foundry SMB Volume 1.1.0 Cloud Foundry...
OpenAFS CVE-2019-18601 Denial of Service Vulnerability
Description OpenAFS is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users. OpenAFS 1.0 through 1.6.23 and 1.8.0 through 1.8.4 are vulnerable. Technologies Affected OpenAFS Openafs 1.0.0...
IBM Security Guardium Big Data Intelligence CVE-2019-4306 Security Bypass Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security Guardium Big Data...
IBM Security Guardium Big Data Intelligence CVE-2019-4330 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Security Guardium Big Data Intelligence 4.0 is vulnerable; other versions may also be...
IBM API Connect CVE-2019-4600 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 5.0.0.0 through 5.0.8.7 are vulnerable. Technologies Affected IBM API Connect 5.0.0.0 IBM API Connec...
Fortinet FortiMail Multiple Remote Privilege Escalation Vulnerability
Description Fortinet FortiMail is prone to multiple remote prone privilege-escalation vulnerability. An attacker can exploit these issues to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Fortinet FortiMail 5.4.0 Fortinet...
Fortinet FortiOS CVE-2019-15703 Insufficient Entropy Vulnerability
Description Fortinet FortiOS is prone to an insufficent entropy vulnerability. Remote attackers can exploit this issue to perform side-channel attacks and obtain sensitive information. This aids in other attacks. Technologies Affected Fortinet FortiOS 2.36.0 Fortinet FortiOS 2.50.0 Fortinet Forti...
Foxit Studio Photo CVE-2019-17138 Out-Of-Bounds Read Information Disclosure Vulnerability
Description Foxit Studio Photo is prone to a information disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. Foxit Studio Photo 3.6.6.915 and prior are vulnerable. Technologies Affected Foxit Studio Photo 3.6.6.915 Recommendations Block external access at...
libxslt CVE-2019-18197 Arbitrary Code Execution Vulnerability
Description libxslt is prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. libxslt version 1.1.33 is...
AVEVA IEC870IP Driver CVE-2019-13537 Stack Buffer Overflow Vulnerability
...
Microsoft Visual Studio Code CVE-2019-1414 Local Privilege Escalation Vulnerability
Description Microsoft Visual Studio Code is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Visual Studio Code Recommendations Permit local access for trusted individuals only. Where possible, us...
Apache Thrift CVE-2019-0210 Remote Security Vulnerability
Description Apache Thrift is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Thrift versions 0.9.3 through 0.12.0 are vulnerable. Technologies Affected Apache...
Horner Automation Cscape ICSA-19-290-02 Multiple Arbitrary Code Execution Vulnerabilities
Description Horner Automation Cscape is prone to multiple arbitrary code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the device or obtain sensitive information. Versions prior to Horner Automation...
Dell EMC RSA Authentication Manager XML External Entity Information Disclosure Vulnerability
Description Dell EMC RSA Authentication Manager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Dell RSA Authentication Manager version 8.4 P6 and prior are vulnerable. Technologies...
GNU Guix CVE-2019-18192 Local Privilege Escalation Vulnerability
Description GNU Guix is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. GNU Guix version 1.0.1 is vulnerable; other versions may also be affected. Technologies Affected GNU Guix...
Citrix NetScaler ADC and NetScaler Gateway CVE-2019-18225 Authentication Bypass Vulnerability
Description Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The following Citrix products are affected: Citri...
Multiple IBM Products CVE-2019-4546 Unauthorized Access Vulnerability
Description Multiple IBM Products are prone to an unauthorized-access vulnerability Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Technologies Affected IBM Maximo Asset Management IBM Maximo Health Safety and...
Cisco TelePresence CE Software CVE-2019-15273 Multiple Arbitrary File Overwrite Vulnerabilities
Description Cisco TelePresence Collaboration Endpoint Software is prone to multiple local arbitrary file-overwrite vulnerabilities. Successful exploits may allow an attacker to overwrite arbitrary files on the underlying file-system or cause denial-of-service conditions. These issues are being...
Cisco Wireless LAN Controller Software CVE-2019-15266 Local Directory Traversal Vulnerability
Description Cisco Wireless LAN Controller Software is prone to a local directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to access or read arbitrary files that contain sensitive information or to access files outside of the restricted...
Multiple Cisco Products CVE-2019-15264 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvo40697. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 1560...
Apache Thrift CVE-2019-0205 Denial of Service Vulnerability
Description Apache Thrift is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause the application enter into endless loop, denying service to legitimate users. Apache Thrift version 0.12.0 and prior are vulnerable. Technologies Affected Apache Thrift 0.10.0 Apach...
Cisco Aironet Access Points CVE-2019-15265 Denial of Service Vulnerability
Description Cisco Aironet Access Points are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn80147. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 15...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12708 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50520. Technologies Affected...
Cisco Firepower Management Center CVE-2019-15280 HTML Injection Vulnerability
Description Cisco Firepower Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attack...
Cisco Identity Services Engine CVE-2019-12637 Multiple HTML Injection Vulnerabilities
Description Cisco Identity Services Engine is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application...
Foxit PhantomPDF Multiple Security Vulnerabilities
Description Foxit PhantomPDF is prone to the following vulnerabilities: 1. Multiple arbitrary code-execution vulnerabilities 2. An information disclosure vulnerability 3. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code in the context of...
Cisco TelePresence CE Software CVE-2019-15962 Local Arbitrary File Write Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local arbitrary file-write vulnerability. Successful exploits may allow an attacker to write arbitrary files on the root directory. This issue is being tracked by Cisco Bug ID CSCvq47315. Technologies Affected Cisco...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-15257 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50523. Technologies Affected...
Cisco Wireless LAN Controller CVE-2019-15262 Denial of Service Vulnerability
Description Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to exhaust resources, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvp34148. Technologies Affected Cisco Wireless Lan Controller...
Cisco TelePresence CE Software CVE-2019-15274 Local Command Injection Vulnerability
Description Cisco TelePresence CE Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands. This issue being tracked by Cisco Bug IDs CSCvq29893. Technologies Affected Cisco TelePresence CE Software 8.0.0 Cisco...
Cisco Identity Services Engine CVE-2019-15282 Information Disclosure Vulnerability
Description Cisco Identity Services Engine is prone to an information disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvq52402. Technologies Affected Cisco Identity Services...