Cisco Expressway Series and Telepresence VCS CVE-2019-12705 Cross Site Scripting Vulnerability
Description Cisco Expressway Series and Telepresence Video Communication Server (VCS) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
Cisco Firepower Management Center CVE-2019-15280 HTML Injection Vulnerability
Description Cisco Firepower Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attack...
Cisco TelePresence CE Software CVE-2019-15274 Local Command Injection Vulnerability
Description Cisco TelePresence CE Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands. This issue is being tracked by Cisco Bug ID CSCvq29893. Technologies Affected Cisco TelePresence CE Software 8.0.0 Cisco...
Cisco Firepower Management Center CVE-2019-15270 HTML Injection Vulnerability
Description Cisco Firepower Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attack...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12702 Cross Site Scripting Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Cisco Aironet Access Points CVE-2019-15260 Unauthorized Access Vulnerability
Description Cisco Aironet Access Points are prone to an unauthorized access vulnerability. An attacker can exploit this issue to bypass certain security restrictions, perform unauthorized actions and gain elevated privileges. This may aid in launching further attacks. This issue is tracked by Cisc...
Cisco Small Business Smart and Managed Switches CVE-2019-12718 Cross Site Scripting Vulnerability
Description Cisco Small Business Smart and Managed Switches are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
Cisco TelePresence CE Software CVE-2019-15273 Multiple Arbitrary File Overwrite Vulnerabilities
Description Cisco TelePresence Collaboration Endpoint Software is prone to multiple local arbitrary file-overwrite vulnerabilities. Successful exploits may allow an attacker to overwrite arbitrary files on the underlying file-system or cause denial-of-service conditions. These issues are being...
VMware SD-WAN by VeloCloud CVE-2019-5533 Information Disclosure Vulnerability
...
Cisco Identity Services Engine CVE-2019-15281 HTML Injection Vulnerability
Description Cisco Identity Services Engine is prone to an HTML-injection vulnerability because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application,...
Cisco Aironet Access Points CVE-2019-15261 Denial of Service Vulnerability
Description Cisco Aironet Access Points are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvk79807. Technologies Affected Cisco Aironet 1810 Series Access Points Cisco Aironet 183...
Linux Kernel CVE-2019-17666 Buffer Overflow Vulnerability
Description Linux Kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code...
Cisco TelePresence CE Software CVE-2019-15962 Local Arbitrary File Write Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local arbitrary file-write vulnerability. Successful exploits may allow an attacker to write arbitrary files on the root directory. This issue is being tracked by Cisco Bug ID CSCvq47315. Technologies Affected Cisco...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12708 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50520. Technologies Affected...
Cisco Firepower Management Center Multiple Cross Site Scripting Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Cisco Wireless LAN Controller Software CVE-2019-15266 Local Directory Traversal Vulnerability
Description Cisco Wireless LAN Controller Software is prone to a local directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to access or read arbitrary files that contain sensitive information or to access files outside of the restricted...
Ansible CVE-2019-14864 Multiple Information Disclosure Vulnerabilities
Description Ansible is prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks. Technologies Affected AnsibleWorks ansible Redhat Ansible Engine 2 Recommendations Block...
Cisco TelePresence CE Software CVE-2019-15277 Local Privilege Escalation Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root level privileges. This issue is being tracked by Cisco Bug ID CSCvp93715. Versions prior to Cisco...
Cisco Aironet Access Points CVE-2019-15265 Denial of Service Vulnerability
Description Cisco Aironet Access Points are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn80147. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 15...
Cisco Identity Services Engine CVE-2019-12637 Multiple HTML Injection Vulnerabilities
Description Cisco Identity Services Engine is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application...
ISC BIND CVE-2019-6475 Authentication Bypass Vulnerability
Description ISC BIND is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to perform unauthorized actions. This may aid in further attacks. ISC BIND versions 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 IS...
SQLite CVE-2019-8457 Out of Bounds Read Heap Buffer Overflow Vulnerability
Description SQLite is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed...
Cisco Identity Services Engine CVE-2019-15282 Information Disclosure Vulnerability
Description Cisco Identity Services Engine is prone to an information disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvq52402. Technologies Affected Cisco Identity Services...
Oracle Database Server CVE-2019-2940 Local Security Vulnerability
Description Oracle Database Server is prone to a local security vulnerability. The vulnerability can be exploited over the 'OracleNet' protocol. The 'Core RDBMS' component is affected. This vulnerability affects the following supported versions: 12.1.0.2, 12.2.0.1 and 18c Technologies Affected...
Adobe Acrobat and Reader CVE-2019-8162 Arbitrary Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the current user running the affected application. Failed exploits will result in denial-of-service conditions...
Adobe Acrobat and Reader CVE-2019-8160 Cross Site Scripting Vulnerability
Description Adobe Acrobat and Reader are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...
Multiple Sonatype Products CVE-2019-16530 Unspecified Remote Code Execution Vulnerability
Description Multiple Sonatype Products are prone to an unspecified remote code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. The following Sonatype products are vulnerable: Nexus Repository Manager ...
Oracle E-Business Suite cpuoct2019 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities in Oracle Marketing. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Marketing Administration' component is affected. These vulnerabilities affect the following supported versions: 12.1.1 throu...
Oracle E-Business Suite CVE-2019-3022 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle Content Manager. The vulnerability can be exploited over the 'HTTP' protocol. The 'Content' component is affected. This vulnerability affects the following supported versions: 12.1.1 through 12.1.3 and 12.2....
Oracle PeopleSoft Enterprise HCM Human Resources CVE-2019-2951 Remote Security Vulnerability
Description Oracle PeopleSoft Enterprise HCM Human Resources is prone to a remote security vulnerability. These vulnerabilities can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 9.2 Technologies Affected Oracle PeopleSoft Enterprise HCM Huma...
Oracle MySQL Server CVE-2019-2969 Remote Security Vulnerability
Description Oracle MySQL Server is prone to a remote security vulnerability in the 'Client programs' component. The vulnerability can be exploited over the 'MySQL' protocol. This vulnerability affects the following supported versions: 5.6.44 and prior, 5.7.26 and prior, 8.0.16 and prior Technologies...
Palo Alto Networks GlobalProtect Agent CVE-2019-17436 Local Privilege Escalation Vulnerability
Description Palo Alto Networks GlobalProtect Agent is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges on the affected system. Versions prior to Palo Alto Networks GlobalProtect agent 4.1.13 and 5.0.5 for Linux and Mac platfor...
Oracle BI Publisher Multiple Remote Security Vulnerabilities
Description Oracle BI Publisher is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Mobile Service' and 'BI Publisher Security' components are affected. These vulnerabilities affect the following supported versions: 11.1.1.9....
Oracle Java SE/Java SE Embedded CVE-2019-2981 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'JAXP' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java S...
Oracle JDeveloper and ADF CVE-2019-2899 Remote Security Vulnerability
Description Oracle JDeveloper and ADF are prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'OAM' component is affected. This vulnerability affects the following supported versions: 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.3.0 Technologie...
Oracle E-Business Suite CVE-2019-2930 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle Field Service. The vulnerability can be exploited over the 'HTTP' protocol. The 'Wireless' component is affected. This vulnerability affects the following supported versions: 12.1.1 through 12.1.3 and 12.2.3...
Oracle Web Services CVE-2019-2907 Remote Security Vulnerability
Description Oracle Web Services is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'SOAP with Attachments API for Java' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0 Technologies Affected...
Adobe Acrobat and Reader Multiple Arbitrary Code Execution Vulnerabilities
Description Adobe Acrobat and Reader are prone to multiple arbitrary code-execution vulnerabilities. Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the current user running the affected application. Failed exploits will result in denial-of-service...
Oracle Primavera P6 Enterprise Project Portfolio Management Remote Security Vulnerability
Description Oracle Primavera P6 Enterprise Project Portfolio Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web Access' component is affected. This vulnerability affects the following supported versions: 15.1.0 through...
Golang Go CVE-2019-17596 Remote Denial of Service Vulnerability
Description Golang Go is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to Go 1.13.2 and Go 1.12.11 are vulnerable. Technologies Affected golang Go 1.12.1 golang Go 1.12.10 golang Go 1.12.5 golang Go...
Oracle Java SE/Java SE Embedded CVE-2019-2962 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the '2D' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java SE...
Oracle E-Business Suite CVE-2019-2994 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle Marketing. This vulnerability can be exploited over the 'HTTP' protocol. The 'Marketing Administration' component is affected. This vulnerability affects the following supported versions: 12.1.1 through...
Oracle Java SE/Java SE Embedded CVE-2019-2978 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Networking' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13;...
Oracle Java SE/Java SE Embedded CVE-2019-2988 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the '2D' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java SE...
Oracle Enterprise Manager CVE-2019-2895 Remote Security Vulnerability
Description Oracle Enterprise Manager is prone to a remote security vulnerability in Enterprise Manager for Exadata. The vulnerability can be exploited over the 'HTTP' protocol. The 'Exadata Plug-In Deploy and Ins' component is affected. This vulnerability affects the following supported versions...
Oracle E-Business Suite CVE-2019-2990 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle iStore. The vulnerability can be exploited over the 'HTTP' protocol. The 'Order Tracker' component is affected. This vulnerability affects the following supported versions: 12.1.1 through 12.1.3 and 12.2.3...
Oracle JDeveloper and ADF CVE-2019-2904 Remote Security Vulnerability
Description Oracle JDeveloper and ADF are prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'ADF Faces' package is affected. This vulnerability affects the following supported versions: 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0 Technologies Affect...
Oracle MySQL Server CVE-2019-2948 Remote Security Vulnerability
Description Oracle MySQL Server is prone to a remote security vulnerability in the 'Server: Optimizer' component. The vulnerability can be exploited over the 'MySQL' protocol. This vulnerability affects the following supported versions: 5.7.26 and prior, 8.0.16 and prior Technologies Affected Oracle...
Oracle Siebel UI Framework CVE-2019-2935 Remote Security Vulnerability
Description Oracle Siebel UI Framework is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'EAI' component is affected. This vulnerability affects the following supported versions: 19.8 and prior Technologies Affected Oracle Siebel...