Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6530 | 1 Panasonic | 1 Control Fpwin Pro | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. | |||||
| CVE-2019-1868 | 1 Cisco | 1 Webex Meetings Server | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information. | |||||
| CVE-2019-1861 | 1 Cisco | 1 Industrial Network Director | 2020-10-16 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2019-5627 | 1 Bluecats | 1 Bc Reveal | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. | |||||
| CVE-2019-5626 | 1 Bluecats | 1 Bluecats Reveal | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | |||||
| CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2020-10-16 | 3.6 LOW | 7.1 HIGH |
| The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | |||||
| CVE-2020-15176 | 1 Glpi-project | 1 Glpi | 2020-10-16 | 5.0 MEDIUM | 8.6 HIGH |
| In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2 | |||||
| CVE-2019-1858 | 1 Cisco | 139 7000 10-slot, 7000 18-slot, 7000 4-slot and 136 more | 2020-10-16 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. | |||||
| CVE-2019-1806 | 1 Cisco | 210 Esw2-350g52dc, Esw2-350g52dc Firmware, Esw2-550x48dc and 207 more | 2020-10-16 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. | |||||
| CVE-2019-1814 | 1 Cisco | 54 Sf300-08, Sf300-08 Firmware, Sf300-24 and 51 more | 2020-10-16 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. | |||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2020-10-16 | 4.6 MEDIUM | 8.2 HIGH |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | |||||
| CVE-2019-1873 | 1 Cisco | 10 Asa 5506-x, Asa 5506-x Firmware, Asa 5506h-x and 7 more | 2020-10-16 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. | |||||
| CVE-2019-1920 | 1 Cisco | 7 Access Points, Aironet 3700e, Aironet 3700e Firmware and 4 more | 2020-10-16 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly. | |||||
| CVE-2019-1893 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. | |||||
| CVE-2019-5629 | 1 Rapid7 | 1 Insight Agent | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4. | |||||
| CVE-2019-1886 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2020-10-16 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. | |||||
| CVE-2019-1889 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2020-10-16 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device. | |||||
| CVE-2019-5442 | 1 Pippo | 1 Pippo | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system. | |||||
| CVE-2019-6581 | 1 Siemens | 5 Siveillance Video Management Software 2017 R2, Siveillance Video Management Software 2018 R1, Siveillance Video Management Software 2018 R2 and 2 more | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2020-6654 | 1 Eaton | 1 9000x Programming And Configuration Software | 2020-10-16 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | |||||
| CVE-2019-1908 | 1 Cisco | 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. | |||||
| CVE-2019-1863 | 1 Cisco | 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more | 2020-10-16 | 9.0 HIGH | 8.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges. | |||||
| CVE-2019-1907 | 1 Cisco | 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges. | |||||
| CVE-2019-1957 | 1 Cisco | 1 Iot Field Network Director | 2020-10-16 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. | |||||
| CVE-2019-1944 | 1 Cisco | 1 Adaptive Security Appliance Software | 2020-10-16 | 4.4 MEDIUM | 7.3 HIGH |
| Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | |||||
| CVE-2019-1918 | 1 Cisco | 2 Carrier Routing System, Ios Xr | 2020-10-16 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. | |||||
| CVE-2019-2386 | 1 Mongodb | 1 Mongodb | 2020-10-16 | 6.0 MEDIUM | 7.1 HIGH |
| After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22. | |||||
| CVE-2019-3767 | 1 Dell | 1 Imageassist | 2020-10-16 | 1.9 LOW | 8.2 HIGH |
| Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
| CVE-2019-3763 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. | |||||
| CVE-2019-1939 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2020-10-16 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | |||||
| CVE-2019-5479 | 1 Larvit | 1 Larvitbase | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | |||||
| CVE-2019-1968 | 1 Cisco | 92 Mds 9000, Mds 9100, Mds 9140 and 89 more | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | |||||
| CVE-2019-1965 | 1 Cisco | 87 7000 10-slot, 7000 18-slot, 7000 4-slot and 84 more | 2020-10-16 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection. | |||||
| CVE-2019-1966 | 1 Cisco | 8 Nx-os, Ucs 6248 Up Fabric Interconnect, Ucs 6296 Up Fabric Interconnect and 5 more | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. | |||||
| CVE-2019-1967 | 1 Cisco | 92 Mds 9000, Mds 9100, Mds 9140 and 89 more | 2020-10-16 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. | |||||
| CVE-2019-5635 | 1 Belwith-keeler | 2 Hickory Smart Ethernet Bridge, Hickory Smart Ethernet Bridge Firmware | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information. | |||||
| CVE-2020-15849 | 1 Re-desk | 1 Re\ | 2020-10-16 | 6.5 MEDIUM | 7.2 HIGH |
| Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). | |||||
| CVE-2019-16767 | 1 Inist | 1 Ezmaster | 2020-10-16 | 9.0 HIGH | 7.2 HIGH |
| The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root) | |||||
| CVE-2019-18575 | 1 Dell | 1 Command\|configure | 2020-10-16 | 6.6 MEDIUM | 7.1 HIGH |
| Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | |||||
| CVE-2020-3508 | 1 Cisco | 141 1000v, Asr 1000, Asr 1000-x and 138 more | 2020-10-16 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. | |||||
| CVE-2019-15956 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations. | |||||
| CVE-2019-13520 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application. | |||||
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | |||||
| CVE-2019-14817 | 5 Artifex, Debian, Fedoraproject and 2 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | |||||
| CVE-2019-1634 | 1 Cisco | 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more | 2020-10-16 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device. | |||||
| CVE-2019-13522 | 1 Ezautomation | 1 Ez Plc Editor | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. | |||||
| CVE-2019-13540 | 1 Deltaww | 1 Tpeditor | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
| CVE-2019-13921 | 1 Siemens | 1 Simatic Winac Rtx \(f\) 2010 | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. | |||||
| CVE-2019-1654 | 1 Cisco | 6 Aironet 1540, Aironet 1560, Aironet 1800 and 3 more | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected. | |||||