6867 matches found
Broadcom CA Client Automation CVE-2019-19231 Local Privilege Escalation Vulnerability
Description Broadcom CA Client Automation is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary command with elevated privileges on the affected system. Broadcom CA Client Automation versions 14.0, 14.1, 14.2, 14.3 are vulnerable...
IBM Spectrum Scale CVE-2019-4558 Local Privilege Escalation Vulnerability
Description IBM Spectrum Scale is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain root privileges. The following IBM products are affected: IBM Spectrum Scale versions 5.0.0.0 through 5.0.3.2 and 4.2.0.0 through 4.2.3.17 are vulnerable. IBM Elastic...
PHP CVE-2019-11045 Multiple Unspecified Security Vulnerabilities
Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.26, 7.3.0 through 7.3.12 and 7.4.0 are...
Apache Tomcat CVE-2019-12418 Local Privilege Escalation Vulnerability
Description Apache Tomcat is prone to local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges and gain complete control over the server. Apache Tomcat versions 9.0.0.M1 through 9.0.28 are vulnerable. Technologies Affected Apache Tomcat 9.0.0.M...
PHP CVE-2019-11046 Buffer Underflow Vulnerability
Description PHP is prone to a buffer-underflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. PHP 7.2.x versions prior to 7.2.26, 7.3.x versions pri...
PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x...
Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability
Description Apache Log4j is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j versions through 1.2.17 are...
Apache Tomcat CVE-2019-17563 Session Fixation Vulnerability
Description Apache Tomcat is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected application. Apache Tomcat versions 9.0.0.M1 through 9.0.29 are vulnerable. Technologies Affected Apache Tomcat...
PHP PEAR 'Archive_Tar' Multiple Security Vulnerabilities
Description PEAR ArchiveTar is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. PEAR ArchiveTar version...
Drupal Core SA-CORE-2019-009 Denial of Service Vulnerability
Description Drupal Core is prone to a remote denial-of-service vulnerability. An attacker can leverage this issue to cause denial-of-service condition. The following versions are vulnerable: Drupal 8.7.x versions prior to 8.7.11. Drupal 8.8.x versions prior to 8.8.1. Technologies Affected Drupal...
Drupal Core SA-CORE-2019-010 Multiple Security Vulnerabilities
Description Drupal is prone to multiple security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Drupal versions 8.7.x prior to 8.7.11 and versions 8.8.x prior to 8.8.1 are...
SQLite CVE-2019-19880 Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Django CVE-2019-19844 Security Bypass Vulnerability
Description Django is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Djangoproject Django 1.11 Djangoproject Django 1.11.1 Djangoproject...
Linux kernel Multiple Security Vulnerabilities
Description Linux kernel are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code and cause denial-of-service conditions. Linux kernel 5.0.21 is vulnerable; other versions may also be affected. Technologies Affected Linux kernel 5.0.21...
Multiple Citrix Products CVE-2019-19781 Remote Code Execution Vulnerability
Description Multiple Citrix Products are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. Technologies Affected Citrix NetScaler Gateway 10.5 Citrix NetScaler Gateway 11.1 Citri...
TYPO3 CVE-2019-19850 SQL Injection Vulnerability
Description TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Multiple TIBCO Spotfire Products CVE-2019-17336 Multiple Information Disclosure Vulnerabilities
Description Multiple TIBCO Spotfire Products are prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain sensitive information. That may aid in further attacks. The following products are affected: TIBCO Spotfire Analytics Platform for AWS...
TYPO3 TYPO3-PSA-2019-011 Remote Code Execution Vulnerability
Description TYPO3 is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Versions prior to TYPO3 8.7.30 and 9.5.12 a...
Google Chrome CVE-2019-13767 Use After Free Vulnerability
Description Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser, or cause denial-of-service conditions. Versions prior to Chrome 79.0.3945.88 are vulnerable. Technologies Affected Google Chrome 0.1.38.1...
TYPO3 Form Framework TYPO3-CORE-SA-2019-021 Cross Site Scripting Vulnerability
Description TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker...
Microsoft SharePoint Server CVE-2019-1491 Information Disclosure Vulnerability
Description Microsoft SharePoint Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 SP2...
TYPO3 CVE-2019-19849 Multiple Remote Code Execution Vulnerabilities
Description TYPO3 is prone to multiple remote code-execution vulnerabilities. Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Versions prior to TYPO3 8.7.30,...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability An attacker may...
Multiple TIBCO Spotfire Products CVE-2019-17337 Cross Site Scripting Vulnerability
Description Multiple TIBCO Spotfire Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit...
Multiple TIBCO Spotfire Products CVE-2019-17334 Remote Code Execution Vulnerability
Description Multiple TIBCO Spotfire Products are prone to a remote code-execution vulnerability. An attacker may leverage this issue to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. The following products are...
Shadow CVE-2019-19882 Multiple Local Privilege Escalation Vulnerabilities
Description Shadow is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to gain elevated privileges. Shadow 4.8 is vulnerable; other versions may also be affected. Technologies Affected Shadow-Maint Shadow 4.8 Recommendations Permit local acce...
IBM API Connect CVE-2019-4609 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM API Connect 2018.4.1.7 is vulnerable; other versions may also affected. Technologies Affected IBM API...
General Electric S2020/S2020G Fast Switch 61850 CVE-2019-18267 Cross Site Scripting Vulnerability
Description General Electric S2020/S2020G Fast Switch is is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Multiple TIBCO Spotfire Products CVE-2019-17335 Multiple Unauthorized Access Vulnerabilities
Description Multiple TIBCO Spotfire Products are prone to multiple unauthorized-access vulnerabilities. Attackers can exploit these issues to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following products are affected: TIBCO Spotfire Analytics...
Apache Superset CVE-2019-12413 Information Disclosure Vulnerability
Description Apache Superset is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Superset version prior to 0.31 are vulnerable. Technologies Affected Apache Superset 0.20 Apache Superset 0.2...
Linux Kernel CVE-2019-19332 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11 Linux kernel...
Atlassian Application Links CVE-2019-15011 Information Disclosure Vulnerability
Description Atlassian Application Links is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. The following versions of Atlassian Application Links are affected: Versions prior to 5.0.12 Versions...
Atlassian JIRA CVE-2019-15013 Authorization Bypass Vulnerability
Description Atlassian JIRA is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The following versions of Atlassian JIRA are affected: Versions pri...
Apache Superset CVE-2019-12414 Information Disclosure Vulnerability
Description Apache Superset is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Superset version prior to 0.32 are vulnerable. Technologies Affected Apache Superset 0.20 Apache Superset 0.2...
Atlassian Crowd CVE-2017-18107 Cross Site Request Forgery Vulnerability
Description Atlassian Crowd is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also...
Apache Xerces-C CVE-2018-1311 Remote Code Execution Vulnerability
Description Apache Xerces-C is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. Apache Xerces-C versions 3.0.0 through 3.2.2 are vulnerable. Technologies...
PHP CVE-2019-11044 Multiple Unspecified Security Vulnerabilities
Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.25, 7.3.0 through 7.3.12 and 7.4.0 are...
Linux Kernel CVE-2019-19807 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Linux kernel versions prior to 5.3.11 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...
Ansible Tower CVE-2019-19341 Information Disclosure Vulnerability
Description Ansible Tower is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected. Technologies Affected...
Ansible Tower Multiple Security Vulnerabilities
Description Ansible Tower is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access or obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected...
ZOHO ManageEngine EventLog Analyzer CVE-2019-19774 Security Bypass Vulnerability
Description ZOHO ManageEngine EventLog Analyzer is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. ManageEngine EventLog Analyzer 10.0 SP1 is vulnerabl...
Dovecot CVE-2019-19722 Denial of Service Vulnerability
Description Dovecot is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Dovecot versions 2.3.9 and 2.3.9.1 are vulnerable. Technologies Affected Dovecot Dovecot 2.3.9 Dovecot Dovecot 2.3.9.1...
IBM MQ and MQ Appliance CVE-2019-4560 Denial of Service Vulnerability
Description IBM MQ is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the process, denying service to legitimate users. The following versions of IBM MQ and MQ Appliance are affected: IBM MQ versions 9.1 CD, 9.1 LTS, 9.0 LTS and 8.0 are vulnerable. IBM MQ...
Atlassian FishEye and Crucible CVE-2019-15009 Unauthorized Access Vulnerability
Description Atlassian FishEye and Crucible are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to FishEye and Crucible 4.8.0 are vulnerable. Technologies...
WordPress Prior to 5.3.1 Multiple Security Vulnerabilities
Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Advantech DiagAnywhere CVE-2019-18257 Multiple Stack Buffer Overflow Vulnerabilities
...
Omron PLC CJ/CS/NJ Series CVE-2019-18261 Authentication Bypass Vulnerability
Description Omron PLC CJ, CS and NJ Series are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible. The following products of Omron Programmable Logic...
Omron PLC CJ/CS Series ICSA-19-346-02 Multiple Security Vulnerabilities
Description Omron PLC CJ and CS Series are prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass the authentication mechanism and gain unauthorized access to the affected application. The following products of Omron Programmable Logic Controllers are affected...
WordPress ListingPro Plugin Cross Site Scripting and Multiple HTML Injection Vulnerabilities
Description The ListingPro plugin for WordPress is prone to a cross-site scripting vulnerability and multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of th...
Linux Kernel CVE-2019-19768 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Linux Kernel versions 5.4.0-rc2 is vulnerable; other versions may also be affected. Technologies Affected Linux...