Oracle Java SE/Java SE Embedded CVE-2020-2659 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Networking' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231; Java SE...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTPS' protocol. The 'Preferences', 'Message Hooks', 'Attachments / File Upload' components are affected. These vulnerabilities affect the following supported versions:...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTPS' protocol. The 'Message Display', 'Shopping Cart', 'Others', 'Call Phone Number Page', 'Wireless' components are affected. These vulnerabilities affect the followi...
Oracle VM VirtualBox Cpujan2020 Multiple Local Security Vulnerabilities
Description Oracle VM VirtualBox is prone to multiple local security vulnerabilities in the 'Core' component. An attacker can exploit these issues to perform unauthorized actions. This may aid in launching further attacks. These vulnerabilities affect the following supported versions: Prior to...
Oracle Database Server cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Database Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over multiple protocols. The 'Core RDBMS' component is affected. These vulnerabilities affect the following supported versions: 12.1.0.2, 12.2.0.1, 18c and 19c...
Oracle Enterprise Manager Base Platform cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Enterprise Manager Base Platform is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the HTTP protocol. The 'Enterprise Config Management', 'Application Service Level Mgmt', 'Cloud Control Manager - OMS', 'Configuration Standard...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities in the 'Human Resources' product. These vulnerabilities affect the following supported versions: 12.1.1 through 12.1.3, 12.2.3 through 12.2.9 Technologies Affected Oracle E-Business Suite 12.1.1 Oracle E-Business Suite...
Symantec Endpoint Detection and Response CVE-2019-19547 Cross Site Scripting Vulnerability
Description Symantec Endpoint Detection and Response is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
Fortinet FortiSIEM CVE-2019-16153 Hardcoded Credentials Vulnerability
Description Fortinet FortiSIEM is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to Fortinet FortiSIEM 5.2.6 are vulnerable. Technologies Affected Fortinet...
oVirt Engine CVE-2019-19336 Cross Site Scripting Vulnerability
Description oVirt Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the...
Oracle January 2020 Critical Patch Update Multiple Vulnerabilities
Description Oracle has released advance notification regarding the January 2020 Critical Patch Update (CPU) to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...
Citrix SD-WAN CVE-2020-6175 Information Disclosure Vulnerability
Description Citrix SD-WAN Appliance is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are vulnerable: NetScaler SD-WAN 10.0.x and prior Citrix SD-WAN 10.1.x are...
cURL CVE-2019-15601 Remote Security Bypass Vulnerability
Description cURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL versions prior to 7.68.0 are vulnerable. Technologies Affected Haxx Curl 7.34.0 Haxx Cur...
Cisco Data Center Analytics Framework CVE-2019-16015 Cross Site Scripting Vulnerability
Description Cisco Data Center Analytics Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Juniper Junos CVE-2020-1600 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the device to consume excessive CPU resources, denying service to legitimate users. Technologies Affected Juniper Junos 12.3X48 Juniper Junos 12.3X48-D10 Juniper Junos 12.3X48-D15...
Mozilla Firefox and Firefox ESR CVE-2019-17026 Type Confusion Remote Code Execution Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Technologies Affected Mozilla Firefox 0.1 Mozilla Firefox 0.10.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0...
Cisco Crosswork Change Automation CVE-2019-16024 Cross Site Scripting Vulnerability
Description Cisco Crosswork Change Automation is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Cisco Identity Services Engine CVE-2019-15255 Authorization Bypass Vulnerability
Description Cisco Identity Services Engine is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCvq67348...
Juniper Junos J-Web CVE-2020-1607 Cross Site Scripting Vulnerability
Description Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability
Description Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected Apache Oling...
Juniper Junos CVE-2020-1603 Memory Leak Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 16.1 Juniper Junos 16.1R1 Juniper Junos 16.1R2 Juniper Junos 16.1R3 Juniper Junos 16.1R3-S10 Juniper Junos 16.1R3-...
Cisco Emergency Responder CVE-2019-16025 HTML Injection Vulnerability
Description Cisco Emergency Responder is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to...
Cisco Finesse CVE-2019-15278 Cross Site Scripting Vulnerability
Description Cisco Finesse is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
Juniper Junos CVE-2020-1604 Security Bypass Vulnerability
Description Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The following products are affected: Juniper Junos 14.1X53 versions prior to...
Juniper Junos CVE-2020-1608 Multiple Denial of Service Vulnerabilities
Description Juniper Junos is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to cause denial-of-service conditions. Technologies Affected Juniper Junos 17.2R2-S6 Juniper Junos 17.2R2-S7 Juniper Junos 17.2R2-S8 Juniper Junos 17.2R3 Juniper Junos 17.2R3-S1...
Cisco UCS Director CVE-2019-16003 Information Disclosure Vulnerability
Description Cisco UCS Director is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvr00602. Technologies Affected Cisco UCS Director 4.0.0.0 Cisco UC...
Cisco Webex Video Mesh Software CVE-2019-16005 Remote Command Injection Vulnerability
Description Cisco Webex Video Mesh Software is prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug ID...
Cisco Vision Dynamic Signage Director CVE-2019-16004 Authentication Bypass Vulnerability
Description Cisco Vision Dynamic Signage Director is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. This issue is being tracke...
Cisco Webex Centers CVE-2020-3116 Denial of Service Vulnerability
Description Cisco Webex Centers is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvr16379, CSCvr16383 and CSCvr16386. Technologies Affected Cisco WebEx Event Center Cisco WebEx...
Juniper Junos and Junos Evolved JSA10981 Multiple Security Vulnerabilities
Description Juniper Junos and Junos Evolved are prone to multiple security vulnerabilities. Successfully exploiting these issues may allow an attacker to perform unauthorized actions or execute arbitrary commands with root privileges on the affected device. Technologies Affected Juniper Junos 15....
Cisco AnyConnect Secure Mobility Client CVE-2019-16007 Remote Security Bypass Vulnerability
Description Cisco AnyConnect Secure Mobility Client is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvr67149...
Cisco Unified Customer Voice Portal CVE-2019-16017 Denial of Service Vulnerability
Description Cisco Unified Customer Voice Portal is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp72741. Technologies Affected Cisco Unified...
Cisco IOS and IOS XE Software CVE-2019-16009 Cross Site Request Forgery Vulnerability
Description Cisco IOS and IOS XE Software are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by...
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware Cross Site Scripting Vulnerability
Description Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...
Juniper Junos CVE-2020-1601 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 15.1F Juniper Junos 15.1F1 Juniper Junos 15.1F2 Juniper Junos 15.1F2-S14 Juniper Junos 15.1F2-S16 Juniper Junos...
SQLite Multiple Security Vulnerabilities
Description SQLite is prone to the following security vulnerabilities. 1. Multiple denial-of-service vulnerabilities 2. Multiple security vulnerabilities An attacker can exploit these issues to cause denial-of-service conditions. SQLite version 3.30.1 is vulnerable. Technologies Affected Redhat...
Mozilla Firefox MFSA2020-01 Multiple Security Vulnerabilities
Description Mozilla Firefox is prone to the following security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. Multiple security vulnerabilities Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further...
Mozilla Firefox and Firefox ESR CVE-2019-17024 Remote Security Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a remote security vulnerability. Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions. This may aid in further attacks. This issue is fixed in: Firefox 72 Firefox ESR 68.4 Technologies Affected...
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Description Mozilla Firefox and Firefox ESR are prone to multiple security vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions, obtain sensitive information and bypass certain security restrictions and perform unauthorized actions. This may aid in further...
Mozilla Firefox and Firefox ESR CVE-2019-17015 Memory Corruption Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in:...
Symantec Endpoint Detection and Response XSS
SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec Endpoint Detection and Response (SEDR) product. AFFECTED PRODUCTS Symantec Endpoint Detection and Response (SEDR) --- CVE | Affected Versions | Remediation CVE-2019-19547 | Prior to 4.3.0 | Upgrade to 4.3...
Google Android Media Framework CVE-2020-0002 Multiple Remote Code Execution Vulnerabilities
Description Google Android is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition. These issues are being tracked by Android Bug ID...
Fortinet FortiAuthenticator CVE-2019-16154 Cross Site Scripting Vulnerability
Description Fortinet FortiAuthenticator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Google Android Kernel Component CVE-2020-0009 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege escalation vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of a privileged process. This issue is being tracked by Android Bug ID A-142938932. Technologies Affected Google Android Recommendations...
Google Android Framework Component Multiple Security Vulnerabilities
Description Google Android is prone to the following security vulnerabilities: 1. Multiple privilege-escalation vulnerabilities 2. A denial-of-service vulnerability An attacker can exploit these issues to gain elevated privileges, and cause denial-of-service conditions. These issues are being...
Google Android System Component Multiple Information Disclosure Vulnerabilities
Description Google Android is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. These issues are being tracked by Android Bug IDs A-139738828, A-141890807 and A-142558228...
Qualcomm Closed Source Components Multiple Security Vulnerabilities
Description Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple security vulnerabilities 3. Multiple integer-overflow vulnerabilities 4. An unauthorized-access vulnerability 5. A heap-based buffer...
phpMyAdmin CVE-2020-5504 SQL Injection Vulnerability
...
Google Chrome Prior to 73.0.3683.75 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to Chrome 73.0.3683.75 are vulnerable. Technologies Affected Google Chrome 0.1.38.1 Google Chrome 0.1.38.2 Google Chrome 0.1.38.4 Googl...
Cisco Data Center Network Manager CVE-2019-15999 Unauthorized Access Vulnerability
Description Cisco Data Center Network Manager is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvs00139. Technologies...