Microsoft Git for Visual Studio CVE-2019-1351 Tampering Security Bypass Vulnerability
Description Microsoft Git for Visual Studio is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Visual Studio 2017 15.0 Microsoft Visual Studio 2017 15.1 Microsoft...
Multiple Intel Processors CVE-2019-14607 Multiple Security Vulnerabilities
Description Multiple Intel Processors are prone to multiple security vulnerabilities. A local attacker can leverage these issues to obtain sensitive information, gain elevated privileges and cause denial of service conditions. This may aid in further attacks. Technologies Affected Intel 6th...
Adobe Brackets CVE-2019-8255 Unspecified Command Injection Vulnerability
Description Adobe Brackets is prone to an unspecified command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Brackets 1.14 and...
Adobe ColdFusion CVE-2019-8256 Remote Privilege Escalation Vulnerability
Description Adobe ColdFusion is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Adobe ColdFusion 10 Adobe ColdFusion 10 Update 1 Adobe ColdFusion 10 Update 1...
Microsoft Windows Hyper-V CVE-2019-1470 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Firecracker CVE-2019-18960 Buffer Overflow Vulnerability
Description Firecracker is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Technologies Affected Firecracker Firecracker 0.18.0 Firecracker Firecracker 0.19.0 Recommendations Block external access...
Apple iOS/iPadOS/tvOS/watchOS CVE-2019-8836 Memory Corruption Vulnerability
Description Apple iOS, iPadOS, tvOS and watchOS are prone to a memory corruption vulnerability. An attacker can leverage this issue to execute arbitrary code with kernel privileges. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Apple iOS 13.3...
Microsoft Windows CVE-2019-1483 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft...
D-Link DIR-615 CVE-2019-19743 Privilege Escalation Vulnerability
Description D-Link DIR-615 is prone to a privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Technologies Affected D-Link DIR-615 Recommendations Block external access at the network boundary, unless external parties require service. If applicable,...
Electronic Logbook Multiple Cross Site Scripting Vulnerabilities
Description Electronic Logbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...
Broadcom CA Nolio CVE-2019-19230 Deserialization Remote Code Execution Vulnerability
Description Broadcom CA Nolio is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Broadcom CA Nolio version 6.6 is...
Multiple Trend Micro Products CVE-2019-18190 Arbitrary Code Execution Vulnerability
Description Multiple Trend Micro Products are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to crash the affected application or execute arbitrary code in the context of the affected application. Technologies Affected Trend Micro Antivirus+ Security 16.0...
SQLite Multiple Security Vulnerabilities
Description SQLite is prone to the following security vulnerabilities. 1. A denial-of-service vulnerability 2. A security vulnerability An attacker can exploit these issues to cause the application to crash, denying service to legitimate users. Technologies Affected SQLite SQLite 1.2.2 SQLite...
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
Description OpenStack Keystone is prone to an information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected OpenStack Keystone 15.0.0 OpenStack Keystone 16.0.0 Recommendations Block...
Symantec Industrial Control System Protection CVE-2019-18380 Unauthorized Access Vulnerability
Description Symantec Industrial Control System Protection is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access and perform unintended actions. This may lead to further attacks. Symantec Industrial Control System Protection 6.x.x versions...
Multiple QNAP Products NAS-201911-27 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to gain unauthorized access to the affected device and execute arbitrary script code in the browser of an unsuspectin...
IBM API Connect CVE-2019-4444 Local Information Disclosure Vulnerability
Description IBM API Connect is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 2018.4.1.0 through 2018.4.1.7 are vulnerable. Technologies Affected IBM API Connect 2018.4.1 IB...
Linux Kernel CVE-2019-19965 Null Pointer Dereference Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Linux Kernel versions through 5.4.6 are vulnerable. Technologies Affected Linux kernel 3.0 Linux kernel 3.0-rc1 Linux kernel 3.0.1 Linux kernel 3.0.18...
Linux Kernel CVE-2019-19947 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel versions through 5.4.6 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kernel 2.6.1 Linux kernel 2.6.11 .11 Linux kernel...
OpenSSL CVE-2019-1551 Integer Overflow Vulnerability
Description OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to perform unauthorized actions; this may aid in launching further attacks. OpenSSL versions 1.1.1 and 1.0.2 are vulnerable. Technologies Affected OpenSSL Project OpenSSL 1.0.2 OpenSSL Project...
OpenSLP CVE-2019-5544 Heap Memory Corruption Vulnerability
Description OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.2.1 and 2.0.0 are vulnerable; other versions may also be affected...
IBM Planning Analytics Local Multiple Security Vulnerabilities
Description IBM Planning Analytics Local is prone to the following security vulnerabilities: 1. An arbitrary file-upload vulnerability 2. A cross-site scripting vulnerability An attacker may leverage these issues to upload arbitrary files or execute arbitrary script code in the browser of an...
Symantec Messaging Gateway Multiple Issues
SUMMARY Symantec has released an update to address issues that were discovered in the Symantec Messaging Gateway SMG product. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2019-18377 CVE-2019-18378 CVE-2019-18379 | Prior to 10.7.3 | Upgrade to 10.7...
Symantec Norton Password Manager CVE-2019-18381 Cross-Origin Security Bypass Vulnerability
Description Symantec Norton Password Manager is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Versions prior to Symantec Norton Password Manager...
Adobe Stock CVE-2019-19595 Remote Code Execution Vulnerability
Description Adobe Stock is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected system. Technologies Affected Adobe Stock 4.8 PrestaShop PrestaShop 1.4 PrestaShop PrestaShop 1.6.0 Recommendations Deploy netwo...
Linux Kernel Multiple Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Local attackers can exploit these issues to cause denial-of-service conditions. Linux Kernel versions prior to 5.2.9 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Lin...
ABB PB610 Multiple Security Vulnerabilities
Description ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. An arbitrary code-execution vulnerability 3. An unauthorized file-access vulnerability Attackers can exploit these issues to execute arbitrary code, access or read...
AMD 'ATIDXX64.DLL' Driver CVE-2019-5098 Denial of Service Vulnerability
Description An AMD ATI driver is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Technologies Affected AMD ATI Radeon AMD ATI Radeo...
Atlassian Companion CVE-2019-15006 Security Bypass Vulnerability
Description Atlassian Companion is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions or conduct a man-in-the-middle attack; this may aid in launching further attacks. Technologies Affected Atlassian...
Dell Command Configure CVE-2019-18575 Arbitrary File Overwrite Vulnerability
Description Dell Command Configure is prone to an arbitrary file-overwrite vulnerability. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Dell Command Configure versions prior to 4.2.1 are vulnerable. Technologies Affected Del...
Symantec Norton Password Manager CVE-2019-19545 Cross-Origin Security Bypass Vulnerability
Description Symantec Norton Password Manager is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Versions prior to Symantec Norton Password Manager...
Symantec Norton Password Manager CVE-2019-19546 Information Disclosure Vulnerability
Description Symantec Norton Password Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Symantec Norton Password Manager versions prior to 6.6.2.5 are vulnerable. Technologies...
Symantec ICSP Unauthorized Access
SUMMARY Symantec has released an update to address an issue that was discovered in the Industrial Control System Protection ICSP product. AFFECTED PRODUCTS Industrial Control System Protection ICSP --- CVE | Affected Versions | Remediation CVE-2019-18380 | ICSP 6.x.x | Upgrade to ICSP 6.1.1.123...
CZ.NIC Knot Resolver CVE-2019-19331 Denial of Service Vulnerability
Description CZ.NIC Knot Resolver is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause a denial-of-service condition. Knot Resolver versions prior to 4.3.0 are vulnerable. Technologies Affected CZ.NIC labs Knot Resolver 2.0.0 CZ.NIC labs Knot Resolver 2.1.0...
VMware Harbor Container Registry for PCF Multiple Security Vulnerabilities
Description VMware Harbor Container Registry for PCF is prone to the following security vulnerabilities. 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A privilege-escalation vulnerability 4. A user-enumeration vulnerability Exploiting this issue...
Multiple Linux Distributions CVE-2019-14899 Security Bypass Vulnerability
Description Multiple Linux Distributions are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Apple iOS Apple macOS Archlinux Linux 2019.05...
Apache Olingo Multiple Security Vulnerabilities
Description Apache Olingo is prone to the following security vulnerabilities: 1. An XML External Entity injection vulnerability 2. A denial-of-service vulnerability 3. A remote-code execution vulnerability Attackers can exploit these issues to gain access to sensitive information, cause...
Facebook Mcrouter Multiple Denial of Service Vulnerabilities
Description Facebook Mcrouter is prone to multiple denial of service vulnerabilities. An attacker can exploit these issues to cause a denial of service condition. Technologies Affected Facebook Mcrouter 0.1.0 Facebook Mcrouter 0.10.0 Facebook Mcrouter 0.20.0 Facebook Mcrouter 0.30.0 Facebook...
CESNET libyang Multiple Stack Based Buffer Overflow Vulnerabilities
Description CESNET libyang is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit these issues to execute arbitrary code in the context of a...
OpenBSD Multiple Privilege Escalation and Authentication Bypass Vulnerabilities
Description OpenBSD is prone to multiple privilege-escalation and authentication-bypass vulnerabilities. An attacker may leverage these issues to bypass the authentication mechanism and gain elevated privileges. This may aid in further attacks. OpenBSD version 6.6 is vulnerable; other versions ma...
Palo Alto Networks PAN-OS CVE-2019-17437 Privilege Escalation Vulnerability
Description Palo Alto Networks PAN-OS is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to obtain elevated privileges. PAN-OS 7.1 versions prior to 7.1.25, 8.0 versions prior to 8.0.20, 8.1 versions prior to 8.1.11, 9.0 versions prior to 9.0.5 are vulnerable...
IBM Cloud Pak System Multiple Security Vulnerabilities
Description IBM Cloud Pak System is prone to the following security vulnerabilities: 1. An arbitrary command-execution vulnerability 2. A cross-site request-forgery vulnerability An attacker can exploit these issues to execute arbitrary commands or perform unauthorized actions in the context of...
Wireshark CVE-2019-19553 Denial of Service Vulnerability
Description Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. An attacker can leverage this issue to crash the affected application, denying service to legitimate users. Wireshark versions 3.0.0 through 3.0.6 and 2.6.0...
Redhat KeyCloak CVE-2019-14909 Authentication Bypass Vulnerability
Description Redhat KeyCloak is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. Technologies Affected Redhat keycloak 7.0.0 Redhat keycloak 7.0.1.Final Recommendations Block external acces...
Linux Kernel Multiple Local Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to cause denial-of-service conditions. Linux Kernel versions prior to 5.3.9 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0....
Mozilla Firefox Multiple Security Vulnerabilities
Description Mozilla Firefox is prone to the following security vulnerabilities: 1. An unspecified memory-corruption vulnerability 2. An information-disclosure vulnerability 3. A denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code, obtain sensitive...
Kubernetes API Server CVE-2018-1002102 Open Redirection Vulnerability
Description Kubernetes API Server is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in...
Linux Kernel Multiple Use After Free Local Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to cause denial-of-service conditions. Linux Kernel versions prior to 5.3.7 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0....
Dell Command Update DSA-2019-162 Multiple Arbitrary File Deletion Vulnerabilities
Description Dell Command Update is prone to multiple arbitrary-file-deletion vulnerabilities. Successfully exploiting these issues will allow attackers to delete arbitrary files in the context of the application. Dell Command Update versions prior to 3.1 are vulnerable. Technologies Affected Dell...
Redhat KeyCloak CVE-2019-14910 Authentication Bypass Vulnerability
Description Redhat KeyCloak is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. Technologies Affected Redhat keycloak 7.0.0 Redhat keycloak 7.0.1.Final Recommendations Block external acces...