6867 matches found
Multiple IBM Products CVE-2019-4394 Local Security Vulnerability
Description Multiple IBM Products are prone to a local security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Technologies Affected IBM Cloud Orchestrator 2.4 IBM Cloud Orchestrator 2.4.0.1 IBM...
Cisco TelePresence Advanced Media Gateway CVE-2019-15966 Denial of Service Vulnerability
Description Cisco TelePresence Advanced Media Gateway is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvr69362. Technologies Affected Cisco TelePresence Advanced Media...
OpenSC Multiple Denial of Service Vulnerabilities
Description OpenSC is prone to multiple denial-of-service vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions. OpenSC through version 0.19.0 and 0.20.x through 0.20.0-rc3 are vulnerable. Technologies Affected Opensc-Project Opensc 0.10.0 Opensc-Project Opensc...
CODESYS ENI Server CVE-2019-16265 Stack Buffer Overflow Vulnerability
Description CODESYS ENI Server is prone to a stack-based buffer-overflow vulnerability. Exploiting this issue may allow remote attackers to execute arbitrary code within the context of the affected application. Failed attacks will cause denial-of-service conditions. CODESYS ENI Server versions...
Multiple IBM Products CVE-2019-4461 HTTP Response Splitting Vulnerability
Description Multiple IBM Products are prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of...
Cloud Foundry UAA CVE-2019-11282 Information Disclosure Vulnerability
Description Cloud Foundry UAA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cloud Foundry UAA versions prior to 74.3.0 are vulnerable. Technologies Affected Cloud Foundry UAA 63.0...
OpenAFS CVE-2019-18602 Information Disclosure Vulnerability
Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...
Cloud Foundry SMB Volume CVE-2019-11283 Information Disclosure Vulnerability
Description Cloud Foundry SMB Volume is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Cloud Foundry SMB Volume 1.0.0 Cloud Foundry SMB Volume 1.1.0 Cloud Foundry...
IBM Security Guardium Big Data Intelligence CVE-2019-4306 Security Bypass Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security Guardium Big Data...
IBM Security Guardium Big Data Intelligence CVE-2019-4307 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. IBM Security Guardium Big Data Intelligence 4.0 is vulnerable. Technologies Affected IBM...
Google Chrome Prior to 78 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, conduct spoofing attacks, bypass certain security restrictions and perform unauthorized actions or cau...
IBM Security Guardium Big Data Intelligence CVE-2019-4330 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Security Guardium Big Data Intelligence 4.0 is vulnerable; other versions may also be...
Mozilla Firefox Multiple Security Vulnerabilities
Description Mozilla Firefox is prone to the following security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. A security vulnerability Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks...
IBM Security Guardium Big Data Intelligence CVE-2019-4329 Security Bypass Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security Guardium Big Data...
ABB Relion 670 Series CVE-2019-18253 Directory Traversal Vulnerability
Description ABB Relion 670 Series is prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information. This may aid in further attacks. The following ABB products are affected: Relion 670...
IBM Security Guardium Big Data Intelligence CVE-2019-4309 Hardcoded Credentials Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Security Guardium Big Data Intelligence 4.0 is vulnerable...
Trend Micro Anti-Threat Toolkit CVE-2019-9491 Remote Code Execution Vulnerability
Description Trend Micro Anti-Threat Toolkit is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. The following products are...
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Description Mozilla Firefox and Firefox ESR are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions and bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks...
Mozilla Firefox ESR CVE-2019-11758 Memory Corruption Vulnerability
Description Mozilla Firefox ESR is prone to a memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Successful exploits will compromise the application and possibly the underlying system. This issue is fixed in:...
OpenAFS CVE-2019-18603 Information Disclosure Vulnerability
Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...
Schneider Electric ProClima ICSA-19-295-01 Multiple Remote Code Execution Vulnerabilities
Description Schneider Electric ProClima is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the system. Schneider Electric ProClima versions prior to 8.0.0 are vulnerable. Technologies Affected Schneider-Electric Proclima 6.0...
IBM Security Guardium Big Data Intelligence CVE-2019-4339 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Security Guardium Big Data Intelligence 4.0 Recommendations Bloc...
OpenAFS CVE-2019-18601 Denial of Service Vulnerability
Description OpenAFS is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. OpenAFS 1.0 through 1.6.23 and 1.8.0 through 1.8.4 are vulnerable. Technologies Affected OpenAFS Openafs 1.0.0...
IBM API Connect CVE-2019-4600 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 5.0.0.0 through 5.0.8.7 are vulnerable. Technologies Affected IBM API Connect 5.0.0.0 IBM API Connec...
Fortinet FortiOS CVE-2019-15703 Insufficient Entropy Vulnerability
Description Fortinet FortiOS is prone to an insufficient entropy vulnerability. Remote attackers can exploit this issue to perform side-channel attacks and obtain sensitive information. This aids in other attacks. Technologies Affected Fortinet FortiOS 2.36.0 Fortinet FortiOS 2.50.0 Fortinet Forti...
Foxit Studio Photo CVE-2019-17138 Out-Of-Bounds Read Information Disclosure Vulnerability
Description Foxit Studio Photo is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. Foxit Studio Photo 3.6.6.915 and prior are vulnerable. Technologies Affected Foxit Studio Photo 3.6.6.915 Recommendations Block external access at...
libxslt CVE-2019-18197 Arbitrary Code Execution Vulnerability
Description libxslt is prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. libxslt version 1.1.33 is...
Fortinet FortiMail Multiple Remote Privilege Escalation Vulnerability
Description Fortinet FortiMail is prone to multiple remote privilege-escalation vulnerabilities. An attacker can exploit these issues to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Fortinet FortiMail 5.4.0 Fortinet...
GNU Guix CVE-2019-18192 Local Privilege Escalation Vulnerability
Description GNU Guix is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. GNU Guix version 1.0.1 is vulnerable; other versions may also be affected. Technologies Affected GNU Guix...
Apache Thrift CVE-2019-0210 Remote Security Vulnerability
Description Apache Thrift is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Thrift versions 0.9.3 through 0.12.0 are vulnerable. Technologies Affected Apache...
Multiple IBM Products CVE-2019-4546 Unauthorized Access Vulnerability
Description Multiple IBM Products are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Technologies Affected IBM Maximo Asset Management IBM Maximo Health Safety and...
Dell EMC RSA Authentication Manager XML External Entity Information Disclosure Vulnerability
Description Dell EMC RSA Authentication Manager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Dell RSA Authentication Manager version 8.4 P6 and prior are vulnerable. Technologies...
AVEVA IEC870IP Driver CVE-2019-13537 Stack Buffer Overflow Vulnerability
...
Citrix NetScaler ADC and NetScaler Gateway CVE-2019-18225 Authentication Bypass Vulnerability
Description Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The following Citrix products are affected: Citri...
Microsoft Visual Studio Code CVE-2019-1414 Local Privilege Escalation Vulnerability
Description Microsoft Visual Studio Code is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Visual Studio Code Recommendations Permit local access for trusted individuals only. Where possible, us...
Horner Automation Cscape ICSA-19-290-02 Multiple Arbitrary Code Execution Vulnerabilities
Description Horner Automation Cscape is prone to multiple arbitrary code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the device or obtain sensitive information. Versions prior to Horner Automation...
Jenkins Plugins Multiple Security Vulnerabilities
...
Multiple Cisco Products CVE-2019-15264 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvo40697. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 1560...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12704 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50503. Technologies Affected...
Foxit PhantomPDF Multiple Security Vulnerabilities
Description Foxit PhantomPDF is prone to the following vulnerabilities: 1. Multiple arbitrary code-execution vulnerabilities 2. An information disclosure vulnerability 3. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code in the context of...
Cisco Identity Services Engine CVE-2019-12638 HTML Injection Vulnerability
Description Cisco Identity Services Engine is prone to an HTML-injection vulnerability because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application,...
Drupal Booking and Availability Management Tools Module Access Bypass Vulnerability
Description The Booking and Availability Management Tools (BAT) module for Drupal is prone to an access-bypass vulnerability. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Booking and Availability...
Cisco Wireless LAN Controller CVE-2019-15262 Denial of Service Vulnerability
Description Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to exhaust resources, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvp34148. Technologies Affected Cisco Wireless Lan Controller...
ISC BIND CVE-2019-6476 Remote Denial of Service Vulnerability
Description ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ISC BIND 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 ISC Bind 9.14.1 ISC Bind 9.14.2 ISC...
Cisco TelePresence CE Software CVE-2019-15275 Local Privilege Escalation Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root level privileges. This issue is being tracked by Cisco Bug IDs CSCvq29890 and CSCvq29895. Versions...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-15258 Denial of Service Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvq50529. Technologies Affected Cisco Small Business Voice...
Apache Thrift CVE-2019-0205 Denial of Service Vulnerability
Description Apache Thrift is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause the application to enter an endless loop, denying service to legitimate users. Apache Thrift versions 0.12.0 and prior are vulnerable. Technologies Affected Apache Thrift 0.10.0 Apach...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-15257 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50523. Technologies Affected...
Cisco SPA100 Series Analog Telephone Adapter Multiple Arbitrary Code Execution Vulnerabilities
Description Cisco SPA100 Series Analog Telephone Adapter is prone to multiple arbitrary code-execution vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code with elevated privileges. These issues are being tracked by Cisco Bug ID CSCvq50494...
Multiple Cisco Products CVE-2019-12636 Cross Site Request Forgery Vulnerability
Description Multiple Cisco Products are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco...