Total
9858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15986 | 1 Cisco | 1 Unity Express | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | |||||
| CVE-2019-15974 | 1 Cisco | 1 Managed Services Accelerator | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2019-15966 | 1 Cisco | 1 Telepresence Advanced Media Gateway | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition. | |||||
| CVE-2019-15959 | 1 Cisco | 10 Spa500 Series Ip Phones Firmware, Spa500ds, Spa500s and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context. | |||||
| CVE-2019-15958 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information. | |||||
| CVE-2019-15957 | 1 Cisco | 11 Rv016 Multi-wan Vpn, Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn and 8 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user. | |||||
| CVE-2019-15915 | 1 Mi | 8 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-15914 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
| CVE-2019-15912 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
| CVE-2019-15910 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-15880 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. | |||||
| CVE-2019-15874 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | |||||
| CVE-2019-15709 | 1 Fortinet | 3 Fortiap-s, Fortiap-u, Fortiap-w2 | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
| An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | |||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | |||||
| CVE-2019-15640 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | |||||
| CVE-2019-15639 | 1 Digium | 1 Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. | |||||
| CVE-2019-15624 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports, Suse Linux Enterprise Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | |||||
| CVE-2019-15324 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. | |||||
| CVE-2019-15289 | 1 Cisco | 7 Roomos, Telepresence Collaboration Endpoint, Webex Board 55 and 4 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device. | |||||
| CVE-2019-15288 | 1 Cisco | 3 Roomos, Telepresence Codec, Telepresence Collaboration Endpoint | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device. | |||||