| Look At This Overview : |
Cisco Firepower Management Center Remote Code Execution VulnerabilityManay CWE-20 / CVE-2019-12689 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. Cisco Firepower Management Center SQL Injection VulnerabilitiesCWE-89 / CVE-2019-12679, CVE-2019-12680, CVE-2019-12681, CVE-2019-12682, CVE-2019-12683, CVE-2019-12684, CVE-2019-12685, CVE-2019-12686 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. Cisco FXOS Software and Firepower Threat Defense Software Command Injection VulnerabilitiesCWE-20 / CVE-2019-12699 Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service VulnerabilityCWE-400 / CVE-2019-12700 A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Cisco Firepower Threat Defense Software Multi-instance Container Escape VulnerabilitiesCWE-216 / CVE-2019-12674, CVE-2019-12675 Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. Cisco Firepower Management Center Remote Code Execution VulnerabilityCWE-119 / CVE-2019-12687, CVE-2019-12688 A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Cisco Firepower Management Center Command Injection VulnerabilityCWE-78 / CVE-2019-12690 A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. Multiple Cisco Unified Communications Products Cross-Site Request Forgery VulnerabilityCWE-352 / CVE-2019-1915 A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. Cisco Adaptive Security Appliance Software SSL VPN Denial of Service VulnerabilityCWE-172 / CVE-2019-12677 A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service VulnerabilityCWE-20 / CVE-2019-12676 A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service VulnerabilityCWE-191 / CVE-2019-12678 A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service VulnerabilityCWE-113 / CVE-2019-15259 A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Cisco Security Manager Java Deserialization VulnerabilityCWE-20 / CVE-2019-12630 A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Cisco Prime Infrastructure Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12713 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. Cisco Prime Infrastructure Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12712 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. Cisco Identity Services Engine Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12631 A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. Cisco IC3000 Industrial Compute Gateway Denial of Service VulnerabilityCWE-400 / CVE-2019-12714 A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco Firepower Threat Defense Software Command Injection VulnerabilityCWE-20 / CVE-2019-12694 A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. Cisco Firepower Management Center Directory Traversal VulnerabilityCWE-22 / CVE-2019-12691 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass VulnerabilitiesCWE-693 / CVE-2019-12696, CVE-2019-12697 Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. Cisco Firepower Management Center Software File and Malware Policy Bypass VulnerabilityCWE-20 / CVE-2019-12701 A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. Cisco Email Security Appliance Filter Bypass VulnerabilityCWE-20 / CVE-2019-12706 A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. Cisco Unified Communications Manager XML External Expansion VulnerabilityCWE-611 / CVE-2019-12711 A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. Cisco Unified Communications Manager Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12716 A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco Unified Communications Manager Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12715 A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. Multiple Cisco Unified Communications Products Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12707 A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. Cisco Unified Communications Manager SQL Injection VulnerabilityCWE-89 / CVE-2019-12710 A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting VulnerabilityCWE-79 / CVE-2019-12695 A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Cisco Adaptive Security Appliance Software Secure Copy Denial of Service VulnerabilityCWE-704 / CVE-2019-12693 A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service VulnerabilityCWE-400 / CVE-2019-12698 A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. |
Cisco announces vulnerabilities
- Prophaze WAF
- October 3, 2019
- 9:16 am
- Prophaze WAF
- October 3, 2019
- 9:16 am
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows
CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more
CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION
Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the