Overview:

Cisco Firepower Management Center Remote Code Execution Vulnerability
CWE-20 / CVE-2019-12689
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.

Cisco Firepower Management Center SQL Injection Vulnerabilities
CWE-89 / CVE-2019-12679, CVE-2019-12680, CVE-2019-12681, CVE-2019-12682, CVE-2019-12683, CVE-2019-12684, CVE-2019-12685, CVE-2019-12686
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device.

Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
CWE-20 / CVE-2019-12699
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges.

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
CWE-400 / CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
CWE-216 / CVE-2019-12674, CVE-2019-12675
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace.

Cisco Firepower Management Center Remote Code Execution Vulnerability
CWE-119 / CVE-2019-12687, CVE-2019-12688
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.

Cisco Firepower Management Center Command Injection Vulnerability
CWE-78 / CVE-2019-12690
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system.

Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
CWE-352 / CVE-2019-1915
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
CWE-172 / CVE-2019-12677
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability
CWE-20 / CVE-2019-12676
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability
CWE-191 / CVE-2019-12678
A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
CWE-113 / CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.

Cisco Security Manager Java Deserialization Vulnerability
CWE-20 / CVE-2019-12630
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12713
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12712
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12631
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability
CWE-400 / CVE-2019-12714
A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Cisco Firepower Threat Defense Software Command Injection Vulnerability
CWE-20 / CVE-2019-12694
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges.

Cisco Firepower Management Center Directory Traversal Vulnerability
CWE-22 / CVE-2019-12691
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device.

Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
CWE-693 / CVE-2019-12696, CVE-2019-12697
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types.

Cisco Firepower Management Center Software File and Malware Policy Bypass Vulnerability
CWE-20 / CVE-2019-12701
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system.

Cisco Email Security Appliance Filter Bypass Vulnerability
CWE-20 / CVE-2019-12706
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device.

Cisco Unified Communications Manager XML External Expansion Vulnerability
CWE-611 / CVE-2019-12711
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition.

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12716
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12715
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software.

Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12707
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software.

Cisco Unified Communications Manager SQL Injection Vulnerability
CWE-89 / CVE-2019-12710
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries.

Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability
CWE-79 / CVE-2019-12695
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability
CWE-704 / CVE-2019-12693
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability
CWE-400 / CVE-2019-12698
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device.

Cisco announces vulnerabilities
CVE-2024-53490 : CLOUDFAVORITES FAVORITES-WEB 1.3.0 SECURITYFILTER.JAVA PATH TRAVERSAL
Description Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java.
References https://github.com/DYX217/directory-traversal
CVE-2024-54679 : CYBERPANEL RESTARTMYSQL DENIAL OF SERVICE
Description CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
References https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc
CVE-2024-38829 : VMWARE SPRING LDAP UP TO 2.4.3/3.0.9/3.1.7/3.2.7 STRING.TOLOWERCASE/STRING.TOUPPERCASE CASE SENSITIVITY
Description A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: