6867 matches found
Cisco Unified Communications Manager CVE-2019-12710 SQL Injection Vulnerability
Description Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit...
Cisco Firepower Management Center CVE-2019-12689 Remote Code Execution Vulnerability
Description Cisco Firepower Management Center is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCvh03951...
ZmartZone 'mod_auth_openidc' Module Open Redirection Vulnerability
Description ZmartZone modauthopenidc Module is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this...
Drupal Ubercart Module SA-CONTRIB-2019-070 Cross Site Scripting Vulnerability
Description The Ubercart module for Drupal is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authenticatio...
Cisco Firepower System Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower System Software is prone to multiple security-bypass vulnerabilities. Remote attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvo70545...
Cisco Adaptive Security Appliance Software CVE-2019-12693 Denial of Service Vulnerability
Description Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvo51265. Technologies Affected Cisco Adaptive Security Appliance ASA...
Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
Description Cisco Unified Contact Center Express is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a...
Cisco Email Security Appliance CVE-2019-12706 Remote Security Bypass Vulnerability
Description Cisco Email Security Appliance is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq35034. Cisco AsyncO...
Cisco Firepower Threat Defense Software CVE-2019-12694 Local Command Injection Vulnerability
Description Cisco Firepower Threat Defense Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands on the underlying OS with root privileges. This issue being tracked by Cisco Bug IDs CSCvo45799. Technologies Affect...
Cisco Security Manager CVE-2019-12630 Java Deserialization Command Execution Vulnerability
Description Cisco Security Manager is prone to a command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. This issue is tracked by Cisco Bug ID...
Multiple Cisco Unified Communications Products CVE-2019-12707 Cross Site Scripting Vulnerability
Description Multiple Cisco Unified Communications Products are prone to a cross-site scripting vulnerability because they fail to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Recommendations Permit local access for trusted individuals only. Wher...
Cisco Prime Infrastructure CVE-2019-12712 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cisco Unified Communications Manager CVE-2019-12716 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cisco FXOS and Firepower Threat Defense Software Multiple Local Command Injection Vulnerabilities
Description Cisco FXOS and Firepower Threat Defense Software are prone to multiple local command-injection vulnerabilities. An attacker may exploit these issues to inject and execute arbitrary commands on the underlying OS with root privileges. These issues are being tracked by Cisco Bug IDs...
Cisco Prime Infrastructure CVE-2019-12713 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Ruby Multiple Security Vulnerabilities
Description Ruby is prone to the following security vulnerabilities: 1. An authorization-bypass vulnerability 2. A denial-of-service vulnerability 3. An HTTP response-splitting vulnerability 4. A command-injection vulnerability An attacker can exploit these issues to bypass certain security...
Palo Alto Networks Zingbox Inspector CVE-2019-15014 Command Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the system. Palo Alto Networks Zingbox Inspector version 1.286 and prior are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
Google Chrome OS CVE-2019-16508 Integer Overflow Vulnerability
Description Google Chrome OS is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Google Chrome OS versions prior to...
Apache MINA CVE-2019-0231 Information Disclosure Vulnerability
Description Apache MINA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Apache MINA 1.0 Apache MINA 2.0.20 Apache MINA 2.1.0 Redhat Gluster Storage 3.0 Redhat...
Palo Alto Networks Zingbox Inspector CVE-2019-1584 Remote Code Execution Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected system. Palo Alto Networks Zingbox Inspector version 1.293 and prior are vulnerable. Technologies...
Palo Alto Networks Zingbox Inspector CVE-2019-15018 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Zingbox Inspector 1.281 are vulnerable...
Palo Alto Networks Zingbox Inspector CVE-2019-15019 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable...
Palo Alto Networks Zingbox Inspector CVE-2019-15021 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
Moxa EDR 810 Series ICSA-19-274-03 Multiple Security Vulnerabilities
Description Moxa EDR 810 Series is prone to following security vulnerabilities: 1. A remote-code execution vulnerability 2. An information disclosure vulnerability An attacker may leverage these issues to execute arbitrary code and gain access to sensitive information. This may lead to other...
IBM WebSphere Application Server CVE-2019-4441 Information Disclosure Vulnerability
Description IBM WebSphere Application Server is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty are vulnerable...
Linux Kernel CVE-2019-17075 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel versions through 5.3.2 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kernel 2.6.1 Linux kernel 2.6.11 .11 Linux kernel...
Palo Alto Networks Zingbox Inspector CVE-2019-15015 Hardcoded Credentials Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Palo Alto Networks Zingbox Inspector version 1.294 and prior are vulnerabl...
IBM Workload Scheduler CVE-2019-4031 Local Privilege Escalation Vulnerability
Description IBM Workload Scheduler is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The following products are affected: IBM Tivoli Workload Scheduler Distributed 9.2.0 FP03 and prior IBM Workload Scheduler Distributed 9.3.0...
Palo Alto Networks Zingbox Inspector CVE-2019-15020 Remote Command Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the affected system. Versions prior to Zingbox Inspector 1.294 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...
Palo Alto Networks Zingbox Inspector CVE-2019-15016 SQL Injection Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application access or modify data, or exploit late...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. A HTML-injection vulnerability 2. Multiple information-disclosure vulnerabilities 3. A security-bypass vulnerability An attacker may leverage these issues to steal cookie-based authentication credentials, gain access to...
Palo Alto Networks Zingbox Inspector CVE-2019-15023 Information Disclosure Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected Paloaltonetworks...
Palo Alto Networks Zingbox Inspector CVE-2019-15022 ARP Spoofing Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security vulnerability that may allow attackers to conduct ARP spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Zingbox Inspector 1.294...
Palo Alto Networks Zingbox Inspector CVE-2019-15017 Security Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected...
Redhat Undertow CVE-2019-10212 Information Disclosure Vulnerability
Description Redhat Undertow is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Undertow versions 2.0.20 and prior are vulnerable. Technologies Affected Redhat JBoss Data Gri...
CA Network Flow Analysis CVE-2019-13658 Default Credentials Security Bypass Vulnerability
Description CA Network Flow Analysis is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and execute arbitrary command. The following versions are vulnerable: CA Network Flow Analysis 10.0.xCA Network Flow Analysis 9.x Technologie...
Linux Kernel CVE-2019-16995 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible. Linux kernel prior to 5.0.3 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kernel 2.6....
Foxit Reader CVE-2019-5031 Remote Code Execution Vulnerability
Description Foxit Reader is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Foxit Reader...
Python CVE-2019-16935 CRLF Multiple Cross Site Scripting Vulnerabilities
Description Python is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
OkayCMS CVE-2019-16885 Multiple Remote Code Execution Vulnerabilities
Description OkayCMS is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the system. OkayCMS versions through 2.3.4 are vulnerable. Technologies Affected OkayCMS OkayCMS 1.0.0 OkayCMS OkayCMS 1.1.0 OkayCMS OkayCMS 1.2.0 OkayCM...
PuTTY CVE-2019-17069 Denial of Service Vulnerability
Description PuTTY is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to PuTTY 0.73 are vulnerable. Technologies Affected Simon Tatham PuTTY 0.45 Simon Tatham PuTTY 0.46 Simon Tatham PuTTY 0.47 Simon Tatham PuTTY...
IBM Cloud Pak System CVE-2019-4096 Information Disclosure Vulnerability
Description IBM Cloud Pak System is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Cloud Pak System 2.3.0 Recommendations Block external access at the network boundary,...
Linux Kernel CVE-2019-18810 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.8 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux...
Exim CVE-2019-16928 Heap Buffer Overflow Vulnerability
Description Exim is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Exim versions 4.92 through 4.92.2 are...
Multiple D-Link Products CVE-2019-16920 Remote Command Injection Vulnerability
Description Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...
WhatsApp CVE-2019-11927 Integer Overflow Vulnerability
Description WhatsApp is prone to an integer overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. Technologies Affected WhatsApp Inc. WhatsApp...
Multiple Apple Products CVE-2019-8900 Arbitrary Code Execution Vulnerability
Description Multiple Apple Products are prone to an arbitrary code execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected...
Ghidra CVE-2019-16941 Arbitrary Code Execution Vulnerability
Description Ghidra is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Ghidra versions through 9.0.4 are vulnerable. Technologies Affected NSA Ghidra 9.0 NSA Ghidra 9.0.1 NSA Ghidra 9.0...