6867 matches found
Microsoft Windows Kernel CVE-2019-1334 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft SharePoint Server CVE-2019-1328 Spoofing Vulnerability
Description Microsoft SharePoint Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...
Microsoft Windows MS XML CVE-2019-1060 Remote Code Execution Vulnerability
Description Microsoft Windows MS XML is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10...
McAfee Endpoint Security CVE-2019-3653 Unauthorized Access Vulnerability
Description McAfee Endpoint Security is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. McAfee Endpoint Security ENS versions prior to 10.6.1 October 2019 Update are...
Microsoft Azure App Service CVE-2019-1372 Remote Code Execution Vulnerability
Description Microsoft Azure App Service is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Azure App Servi...
Microsoft Windows CVE-2019-1322 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft...
SAP Landscape Management CVE-2019-0380 Information Disclosure Vulnerability
Description SAP Landscape Management is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. SAP Landscape Management 3.0 is vulnerable; other versions may also be affected...
Microsoft Windows Hyper-V CVE-2019-1230 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft...
Linux Kernel CVE-2019-17351 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition or possibly have other unspecified impact. Linux kernel versions prior to 5.2.3 are vulnerable. Technologies Affected Linux kernel 2.4.17 Linux kernel...
Redhat OpenShift Container Platform CVE-2019-14854 Information Disclosure Vulnerability
Description Redhat OpenShift Container Platform is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to obtain sensitive information. This may lead to other attacks. OpenShift Container Platform 4.1 and 4.2 are vulnerable. Technologies Affected Redhat...
vBulletin CVE-2019-17271 Multiple SQL Injection Vulnerabilities
Description vBulletin is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Google Android Media Framework Multiple Security Vulnerabilities
Description Google Android is prone to the following security vulnerabilities: 1. Multiple remote-code execution vulnerabilities 2. An information-disclosure vulnerability An attacker can exploit these issues to gain sensitive information, or execute arbitrary code. Failed exploits may result in...
Qualcomm Closed Source Components Multiple Unspecified Vulnerabilities
Description Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-122474427, A-129766175, A-129765090,...
vBulletin CVE-2019-17132 Remote Code Execution Vulnerability
Description vBulletin is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. vBulletin versions 5.5.4 and prior are...
IBM Maximo Anywhere CVE-2019-4265 Information Disclosure Vulnerability
Description IBM Maximo Anywhere is prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. IBM Maximo Anywhere versions 7.6.0, 7.6.1, 7.6.2, and 7.6.3 are vulnerable. Technologies Affected...
WebKit CVE-2019-8720 Memory Corruption Vulnerability
Description WebKit is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to Apple iTun...
Google Android System Component Multiple Security Vulnerabilities
Description Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to gain access to sensitive information or elevated privileges. These issues are being tracked by Android IDs A-123700348, A-124940143 Technologies Affected Google Android 10.0 Google...
WebKit Multiple Cross Site Scripting and Memory Corruption Vulnerabilities
Description WebKit is prone to multiple cross-site scripting and memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple iCloud 6.0 Appl...
Google Android Framework Component CVE-2019-2173 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. This issue is being tracked by Android Bug ID A-123013720. Technologies Affected Google Android 7.1.1 Google Android 7.1.2 Google Android 8.0 Google...
Bouncy Castle Java Cryptography APIs CVE-2019-17359 Denial of Service Vulnerability
Description Bouncy Castle Java Cryptography APIs are prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive resource consumption, resulting in a denial-of-service condition. Bouncy Castle Java Cryptography API 1.63 is vulnerable. Technologies Affect...
HP Access Control CVE-2019-6330 Unspecified Privilege Escalation Vulnerability
Description HP Access Control is prone to an unspecified privilege-escalation vulnerability. Attackers can leverage this issue to gain elevated privileges. Successful exploits may compromise affected computers. Note: Technical details are currently unavailable. We will update this BID as soon as...
Apache Hadoop CVE-2018-11768 Memory Corruption Vulnerability
Description Apache Hadoop is prone to a memory-corruption vulnerability. A remote attacker may exploit this issue to crash the server resulting in a denial-of-service condition. Technologies Affected Apache Hadoop 2.0.0 Alpha Apache Hadoop 2.0.0-alpha Apache Hadoop 2.0.1 Alpha Apache Hadoop 2.0.2...
PHP 'mb_eregi' Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP version 7.3 is vulnerable. Technologie...
Bootstrap 3 Typeahead CVE-2019-10215 Cross Site Scripting Vulnerability
Description Bootstrap 3 Typeahead is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
HP Touchpoint Analytics CVE-2019-6333 Unspecified Local Code Execution Vulnerability
Description HP Touchpoint Analytics is prone to an unspecified local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to Touchpoint...
Linux Kernel CVE-2019-17133 Buffer Overflow Vulnerability
Description Linux Kernel is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. Linux kernel versions through 5.3.2 are vulnerable. Technologies Affected...
Android-gif-drawable CVE-2019-11932 Double Free Remote Code Execution Vulnerability
Description Android-gif-drawable is prone to a remote code execution vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the device. Failed attacks will cause denial-of-service conditions. Technologies Affected Google Android 8.1 Google Android 9.0 Karol...
Multiple Dell EMC Products CVE-2019-3765 Remote Security Bypass Vulnerability
Description Multiple Dell EMC products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to obtain sensitive information, bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The following products are vulnerable: De...
Multiple Cisco Products CVE-2019-12700 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause resource exhaustion and reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCvm92401, CSCvn83385...
EMC RSA BSAFE Crypto-C Micro and Micro Edition Suite Multiple Security Vulnerabilities
Description EMC RSA BSAFE Crypto-C Micro and Micro Edition Suite are prone to the following security vulnerabilities: 1. Multiple information disclosure vulnerabilities 2. A denial-of-service vulnerability 3. A heap buffer overflow vulnerability An attacker can exploit these issues to gain...
Cisco Firepower System Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower System Software is prone to multiple security-bypass vulnerabilities. Remote attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvo70545...
Cisco Firepower Management Center Software CVE-2019-12701 Security Bypass Vulnerability
Description Cisco Firepower Management Center Software is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvp92361...
Cisco Unified Communications Manager CVE-2019-12716 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Multiple Cisco Products CVE-2019-12678 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvp45882. Technologies Affected Cisco Adaptive Security Appliance AS...
Multiple Cisco Products CVE-2019-12695 Cross Site Scripting Vulnerability
Description Multiple Cisco Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This...
Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
Description Cisco Unified Contact Center Express is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a...
Cisco Email Security Appliance CVE-2019-12706 Remote Security Bypass Vulnerability
Description Cisco Email Security Appliance is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq35034. Cisco AsyncO...
Drupal Ubercart Module SA-CONTRIB-2019-070 Cross Site Scripting Vulnerability
Description The Ubercart module for Drupal is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authenticatio...
Multiple Cisco Unified Communications Products CVE-2019-12707 Cross Site Scripting Vulnerability
Description Multiple Cisco Unified Communications Products are prone to a cross-site scripting vulnerability because they fail to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Multiple Cisco Products CVE-2019-12676 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a reload of the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvp49790. Technologies Affected Cisco Adaptive Securi...
Cisco Prime Infrastructure CVE-2019-12713 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cisco Firepower Management Center CVE-2019-12690 Command Injection Vulnerability
Description Cisco Firepower Management Center is prone to a command-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvh03962. Technologies Affected Cisco FirePOWER...
Eclipse Mojarra CVE-2019-17091 Cross Site Scripting Vulnerability
Description Eclipse Mojarra is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may all...
Cisco Security Manager CVE-2019-12630 Java Deserialization Command Execution Vulnerability
Description Cisco Security Manager is prone to a command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. This issue is tracked by Cisco Bug ID...
Cisco Unified CM CVE-2019-12711 XML Entity Expansion Multiple Security Vulnerabilities
Description Cisco Unified Communications Manager is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain access to sensitive information or cause denial-of-service conditions. These issues are being tracked by Cisco Bug ID CSCvp46079. Technologies Affected Cisc...
Cisco Firepower Threat Defense Software CVE-2019-12694 Local Command Injection Vulnerability
Description Cisco Firepower Threat Defense Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvo45799. Technologies Affect...
ZmartZone 'mod_auth_openidc' Module Open Redirection Vulnerability
Description ZmartZone mod_auth_openidc Module is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this...
Cisco Firepower Management Center CVE-2019-12689 Remote Code Execution Vulnerability
Description Cisco Firepower Management Center is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvh03951...
Cisco Firepower Management Center Multiple SQL Injection Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data or...