Cisco Unified Communications Manager CVE-2019-15272 Security Bypass Vulnerability
Description Cisco Unified Communications Manager is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvp14434...
Cisco Firepower Management Center CVE-2019-12691 Directory Traversal Vulnerability
Description Cisco Firepower Management Center is prone to a directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to access and write arbitrary files or to execute arbitrary files or gain sensitive information. This issue is being tracked...
Cisco Firepower Management Center Multiple SQL Injection Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data or...
Cisco Firepower Management Center Multiple Remote Code Execution Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code on the affected system. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvf87540 and...
Cisco Identity Services Engine CVE-2019-12631 Cross Site Scripting Vulnerability
Description Cisco Identity Services Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Multiple Cisco Unified Communications Products Cross Site Request Forgery Vulnerability
Description Multiple Cisco Unified Communications Products are prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the...
Cisco Prime Infrastructure CVE-2019-12712 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cisco FXOS and Firepower Threat Defense Software Multiple Local Command Injection Vulnerabilities
Description Cisco FXOS and Firepower Threat Defense Software are prone to multiple local command-injection vulnerabilities. An attacker may exploit these issues to inject and execute arbitrary commands on the underlying OS with root privileges. These issues are being tracked by Cisco Bug IDs...
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Recommendations Permit local access for trusted individuals only. Wher...
Cisco Unified Communications Manager CVE-2019-12710 SQL Injection Vulnerability
Description Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit...
Facebook HHVM CVE-2019-11929 Memory Corruption Vulnerability
Description Facebook HHVM is prone to a memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the system. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Facebook HHVM 3.14.2 Facebook HHVM...
Cisco Adaptive Security Appliance Software CVE-2019-12677 Denial of Service Vulnerability
Description Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCux45179. Technologies Affected Cisco Adaptive Security Appliance AS...
Multiple Cisco Products CVE-2019-12673 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCvo83169. Technologies Affected Cisco Adaptive Security Appliance ASA Software 9.10 Cisco...
Cisco Firepower Threat Defense Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower Threat Defense Software is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. These issues are being tracked by Cisco Bug IDs CSCvm14296...
Cisco IC3000 Industrial Compute Gateway CVE-2019-12714 Denial of Service Vulnerability
Description Cisco IC3000 Industrial Compute Gateway is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvq92705. Technologies Affected Cisco...
Cisco Adaptive Security Appliance Software CVE-2019-12693 Denial of Service Vulnerability
Description Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvo51265. Technologies Affected Cisco Adaptive Security Appliance ASA...
Multiple Cisco Products CVE-2019-12698 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvp76944. Technologies Affected Cisco...
Palo Alto Networks Zingbox Inspector CVE-2019-15022 ARP Spoofing Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security vulnerability that may allow attackers to conduct ARP spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Zingbox Inspector 1.294...
Palo Alto Networks Zingbox Inspector CVE-2019-15019 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable...
Apache MINA CVE-2019-0231 Information Disclosure Vulnerability
Description Apache MINA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Apache MINA 1.0 Apache MINA 2.0.20 Apache MINA 2.1.0 Redhat Gluster Storage 3.0 Redhat...
Palo Alto Networks Zingbox Inspector CVE-2019-15021 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
Palo Alto Networks Zingbox Inspector CVE-2019-15018 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Zingbox Inspector 1.281 are vulnerable...
Ruby Multiple Security Vulnerabilities
Description Ruby is prone to the following security vulnerabilities: 1. An authorization-bypass vulnerability 2. A denial-of-service vulnerability 3. An HTTP response-splitting vulnerability 4. A command-injection vulnerability An attacker can exploit these issues to bypass certain security...
Palo Alto Networks Zingbox Inspector CVE-2019-15020 Remote Command Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the affected system. Versions prior to Zingbox Inspector 1.294 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
IBM WebSphere Application Server CVE-2019-4441 Information Disclosure Vulnerability
Description IBM WebSphere Application Server is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty are vulnerable...
Linux Kernel CVE-2019-17075 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel versions through 5.3.2 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kernel 2.6.1 Linux kernel 2.6.11 .11 Linux kernel...
Google Chrome OS CVE-2019-16508 Integer Overflow Vulnerability
Description Google Chrome OS is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Google Chrome OS versions prior to...
Palo Alto Networks Zingbox Inspector CVE-2019-15015 Hardcoded Credentials Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Palo Alto Networks Zingbox Inspector version 1.294 and prior are vulnerabl...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. An HTML-injection vulnerability 2. Multiple information-disclosure vulnerabilities 3. A security-bypass vulnerability An attacker may leverage these issues to steal cookie-based authentication credentials, gain access to...
Moxa EDR 810 Series ICSA-19-274-03 Multiple Security Vulnerabilities
Description Moxa EDR 810 Series is prone to the following security vulnerabilities: 1. A remote-code execution vulnerability 2. An information disclosure vulnerability An attacker may leverage these issues to execute arbitrary code and gain access to sensitive information. This may lead to other...
Palo Alto Networks Zingbox Inspector CVE-2019-1584 Remote Code Execution Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected system. Palo Alto Networks Zingbox Inspector version 1.293 and prior are vulnerable. Technologies...
IBM Workload Scheduler CVE-2019-4031 Local Privilege Escalation Vulnerability
Description IBM Workload Scheduler is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The following products are affected: IBM Tivoli Workload Scheduler Distributed 9.2.0 FP03 and prior IBM Workload Scheduler Distributed 9.3.0...
Palo Alto Networks Zingbox Inspector CVE-2019-15016 SQL Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit late...
Palo Alto Networks Zingbox Inspector CVE-2019-15017 Security Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected...
Palo Alto Networks Zingbox Inspector CVE-2019-15014 Command Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the system. Palo Alto Networks Zingbox Inspector version 1.286 and prior are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
Palo Alto Networks Zingbox Inspector CVE-2019-15023 Information Disclosure Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected Paloaltonetworks...
Python CVE-2019-16935 CRLF Multiple Cross Site Scripting Vulnerabilities
Description Python is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Linux Kernel CVE-2019-16995 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible. Linux kernel versions prior to 5.0.3 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kernel 2.6....
Redhat Undertow CVE-2019-10212 Information Disclosure Vulnerability
Description Redhat Undertow is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Undertow versions 2.0.20 and prior are vulnerable. Technologies Affected Redhat JBoss Data Gri...
CA Network Flow Analysis CVE-2019-13658 Default Credentials Security Bypass Vulnerability
Description CA Network Flow Analysis is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and execute arbitrary commands. The following versions are vulnerable: CA Network Flow Analysis 10.0.x CA Network Flow Analysis 9.x Technologie...
Foxit Reader CVE-2019-5031 Remote Code Execution Vulnerability
Description Foxit Reader is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Foxit Reader...
PuTTY CVE-2019-17069 Denial of Service Vulnerability
Description PuTTY is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to PuTTY 0.73 are vulnerable. Technologies Affected Simon Tatham PuTTY 0.45 Simon Tatham PuTTY 0.46 Simon Tatham PuTTY 0.47 Simon Tatham PuTTY...
OkayCMS CVE-2019-16885 Multiple Remote Code Execution Vulnerabilities
Description OkayCMS is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the system. OkayCMS versions through 2.3.4 are vulnerable. Technologies Affected OkayCMS OkayCMS 1.0.0 OkayCMS OkayCMS 1.1.0 OkayCMS OkayCMS 1.2.0 OkayCM...
IBM Cloud Pak System CVE-2019-4096 Information Disclosure Vulnerability
Description IBM Cloud Pak System is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Cloud Pak System 2.3.0 Recommendations Block external access at the network boundary,...
WhatsApp CVE-2019-11927 Integer Overflow Vulnerability
Description WhatsApp is prone to an integer overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. Technologies Affected WhatsApp Inc. WhatsApp...
Multiple D-Link Products CVE-2019-16920 Remote Command Injection Vulnerability
Description Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...
Multiple Apple Products CVE-2019-8900 Arbitrary Code Execution Vulnerability
Description Multiple Apple Products are prone to an arbitrary code execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected...
Linux Kernel CVE-2019-18810 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.8 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux...
FasterXML Jackson-databind CVE-2019-16943 Remote Code Execution Vulnerability
Description FasterXML Jackson-databind is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. FasterXML jackson-databi...
Kubernetes API Server CVE-2019-11253 Denial of Service Vulnerability
Description Kubernetes API Server is prone to a denial-of-service vulnerability. Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition. The following products are affected: Kubernetes 1.0.0 through 1.12.x Kubernetes 1.13.0...