Cisco Data Center Network Manager Multiple Command Injection Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple command-injection vulnerabilities. Successfully exploiting these issues may allow an attacker to execute arbitrary commands on the underlying device with root privileges. These issues are being tracked by Cisco Bug IDs CSCvr44798,...
Open-Xchange AppSuite Multiple Security Vulnerabilities
Description Open-Xchange AppSuite is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication...
Cisco Data Center Network Manager Multiple Authentication Bypass Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. These issues are bei...
Mozilla Firefox 'looksLikeURL' Denial of Service Vulnerability
Description Mozilla Firefox is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. This issue is fixed in: Firefox 72 Technologies Affected Mozilla Firefox 1.0.0 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0.2...
Cisco Data Center Network Manager CVE-2019-15999 Unauthorized Access Vulnerability
Description Cisco Data Center Network Manager is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvs00139. Technologies...
Cisco Data Center Network Manager XML External Entity Information Disclosure Vulnerability
Description Cisco Data Center Network Manager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug IDs CSCvr79188, CSCvr88730 and CSCvr88737. Cisco...
Cisco Data Center Network Manager Multiple SQL Injection Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data or...
Microsoft Windows '.Group' File Handling Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows Recommendatio...
Libsixel CVE-2019-20205 Integer Overflow Vulnerability
Description Libsixel is prone to an integer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Libsixel versions through 1.8.4 are vulnerable...
GitLab Multiple Security Vulnerabilities
Description GitLab is prone to multiple security vulnerabilities. An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. GitLab versions prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6.1 are...
Linux kernel CVE-2019-19927 Denial of Service Vulnerability
Description Linux kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel 5.0.0-rc7 is vulnerable; other versions may also be affected. Technologies Affected Linux kernel 5.0.0-rc7 Recommendations Permit local...
GNU LibreDWG Multiple Security Vulnerabilities
Description GNU LibreDWG is prone to multiple security vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, code execution may be possible but this has not been confirmed. Versions prior to GNU LibreDWG 0.9.3 are vulnerable...
Apache Solr CVE-2019-17558 Remote Code Execution Vulnerability
Description Apache Solr is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Solr versions prior 5.0.0 throug...
MyBB CVE-2019-20225 Open Redirection Vulnerability
Description MyBB is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks...
Linux Kernel CVE-2019-20054 Null Pointer Dereference Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Linux Kernel versions prior to 5.0.6 are vulnerable. Technologies Affected Linux kernel 3.0 Linux kernel 3.0-rc1 Linux kernel 3.0.1 Linux kernel 3.0.18...
WordPress CVE-2019-20042 HTML Injection Vulnerability
Description WordPress is prone to an HTML injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is...
Reliable Controls MACH-ProWebCom/Sys CVE-2019-18249 Cross Site Scripting Vulnerability
Description Reliable Controls MACH-ProWebCom/Sys are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
WordPress GDPR Cookie Compliance Plugin Multiple Security Vulnerabilities
Description The GDPR Cookie Compliance plugin for WordPress is prone to an unauthorized-access and a cross-site request-forgery vulnerability. An attacker can exploit these issues to perform certain unauthorized actions and gain unauthorized access. This may lead to further attacks. GDPR Cookie...
Microsoft Exchange Server '/Autodiscover' Server Side Request Forgery Security Bypass Vulnerability
Description Microsoft Exchange Server is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Microsoft Exchange Server 2013 Cumulative Update 22 and prior versions are...
GitLab CVE-2018-20492 Access Bypass Vulnerability
Description GitLab is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. GitLab versions prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6...
Mozilla Network Security Services CVE-2019-17006 Heap Buffer Overflow Vulnerability
Description Mozilla Network Security Services NSS is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Mozilla...
WordPress bbPress Members Only Plugin Cross Site Request Forgery Vulnerability
Description The 'bbPress Members Only' Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The 'bbPress Members Only'...
D-Link DIR-601 CVE-2019-16327 Authentication Bypass Vulnerability
Description D-Link DIR-601 is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DIR-601 Router 2.00NA is vulnerable; other versions may also be affected...
D-Link DIR-601 B1 CVE-2019-16326 Cross Site Request Forgery Vulnerability
Description D-Link DIR-601 B1 is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. D-Link DIR-601 B1 2.00NA is vulnerable; other versions may...
NVIDIA GeForce Experience CVE-2019-5702 Local Privilege Escalation Vulnerability
Description NVIDIA GeForce Experience is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to gain escalated privileges and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to NVIDIA...
D-Link DIR-859 Routers CVE-2019-20213 Information Disclosure Vulnerability
Description D-Link DIR-859 routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information and perform unauthorized actions. Versions prior to D-Link DIR-859 1.07b03beta are vulnerable. Technologies Affected D-Link DIR-859 1.05 D-Link...
SQLite CVE-2019-19926 Incomplete Fix Denial of Service Vulnerability
Description SQLite is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Multiple VMware Products CVE-2019-5539 DLL Loading Local Privilege Escalation Vulnerability
Description Multiple VMware products are prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to gain administrator privileges on the machine. The following VMware products are affected: Workstation version 15.x is vulnerable Horizon View Agent version 7.x...
GitLab CVE-2019-15584 Denial of Service Vulnerability
Description GitLab is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. GitLab versions prior to 12.3.2, 12.2.6, and 12.1.10 are vulnerable. Technologies Affected Gitlab GitLab Community Edition 10.2 Gitlab GitLab Community Edition...
Libsixel CVE-2019-20023 Memory Leak Denial of Service Vulnerability
Description Libsixel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application, denying service to legitimate users. Libsixel versions through 1.8.4 are vulnerable. Technologies Affected Libsixel Libsixel 1.0.0 Libsixel Libsixel 1.1.0 Libsixel...
Sudo Multiple Security Bypass Vulnerabilities
Description Sudo is prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. Sudo versions through 1.8.29 are vulnerable. Technologies Affected Todd Miller Sudo 1.3.5 Todd Miller Sudo 1.5 Todd Miller Su...
Multiple Moxa Products CVE-2019-19707 Denial of Service Vulnerability
Description Multiple Moxa Products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause resource exhaustion to the affected device, denying service to legitimate users. Technologies Affected Moxa EDS-G508E Series 6 Moxa EDS-G512E Series 6 Moxa EDS-G51...
Telos AMHS Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
Description Telos AMHS is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
IBM Cognos Analytics Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Description IBM Cognos Analytics is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based...
Libsixel CVE-2019-20024 Heap Based Buffer Overflow Vulnerability
Description Libsixel is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to crash the application, denying service to legitimate users. Libsixel versions prior to 1.8.4 are vulnerable. Technologies Affected Libsixel Libsixel 1.0.0 Libsixel Libsixel 1.1.0...
Wecon PLC Editor CVE-2019-18236 Multiple Stack Based Buffer Overflow Vulnerabilities
...
Multiple Dell EMC Products CVE-2019-18588 Cross Site Scripting Vulnerability
Description Multiple Dell EMC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Trend Micro Apex Central CVE-2019-19692 Cross Site Scripting Vulnerability
Description Trend Micro Apex Central is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Thi...
Cloud Foundry Cloud Controller API CVE-2019-11294 Access Control Security Bypass Vulnerability
Description Cloud Foundry Cloud Controller API is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Cloud Foundry Cloud Controller API 1.88.0 is vulnerable...
RedHat Ceph CVE-2019-19337 Remote Denial of Service Vulnerability
Description RedHat Ceph is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Technologies Affected Redhat Ceph Storage 3 Redhat Ceph Storage 3.3 Redhat Ceph Storage MON 3 Redhat Ceph Storage MON for Power 3 Redhat Ceph Stora...
IBM Financial Transaction Manager for SWIFT Services Multiple Security Vulnerabilities
Description IBM Financial Transaction Manager for SWIFT Services is prone to the following security vulnerabilities: 1. A clickjacking vulnerability 2. A cross-site scripting vulnerability 3. An information-disclosure vulnerability 4. A cross-site request-forgery vulnerability An attacker can...
Multiple Trend Micro Products CVE-2019-19693 Local Security Bypass Vulnerability
Description Multiple Trend Micro Products are prone to a local security-bypass vulnerability. Attackers can exploit this issue to obtain sensitive information, bypass security restrictions and perform unauthorized actions or cause denial-of-service conditions. Technologies Affected Trend Micro...
Palo Alto Networks PAN-OS CVE-2019-17440 Privilege Escalation Vulnerability
Description Palo Alto Networks PAN-OS is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to obtain elevated privileges. Palo Alto Networks PAN-OS version 9.0 through and prior to 9.0.5-h3 are vulnerable. Technologies Affected Paloaltonetworks PAN-OS 9.0.0...
Trend Micro Apex One and OfficeScan CVE-2019-19691 Information Disclosure Vulnerability
Description Trend Micro Apex One and OfficeScan are prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Trend Micro Apex One 2019 Trend Micro OfficeScan XG...
Philips Veradius Unity, Pulsera, and Endura CVE-2019-18263 Denial of Service Vulnerability
Description Philips Veradius Unity, Pulsera, and Endura are prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition. Technologies Affected Philips Endura Philips Pulsera Philips Veradius Unity Recommendations Block external access at th...
PHP CVE-2019-11046 Buffer Underflow Vulnerability
Description PHP is prone to a buffer-underflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. PHP 7.2.x versions prior to 7.2.26, 7.3.x versions pri...
PHP CVE-2019-11049 Remote Denial Of Service Vulnerability
Description PHP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected PHP PHP 7.0 PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP 7.0.14 PHP PHP 7.0.15 PH...
PHP CVE-2019-11045 Multiple Unspecified Security Vulnerabilities
Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.26, 7.3.0 through 7.3.12 and 7.4.0 are...
Drupal Core SA-CORE-2019-009 Denial of Service Vulnerability
Description Drupal Core is prone to a remote denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition. The following versions are vulnerable: Drupal 8.7.x versions prior to 8.7.11. Drupal 8.8.x versions prior to 8.8.1. Technologies Affected Drupal...