Search Results (83330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-3747 1 Dell 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more 2024-11-21 4.8 Medium
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
CVE-2019-3729 1 Dell 1 Bsafe Micro-edition-suite 2024-11-21 2.4 Low
RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.
CVE-2019-3727 1 Dell 2 Emc Recoverpoint, Recoverpoint For Virtual Machines 2024-11-21 N/A
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.
CVE-2019-3725 1 Rsa 2 Netwitness, Security Analytics 2024-11-21 N/A
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.
CVE-2019-3721 1 Dell 1 Emc Openmanage Server Administrator 2024-11-21 7.5 High
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system.
CVE-2019-3710 1 Dell 1 Emc Networking Os10 2024-11-21 8.1 High
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.
CVE-2019-3709 1 Dell 1 Emc Isilonsd Management Server 2024-11-21 N/A
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.
CVE-2019-3708 1 Dell 1 Emc Isilonsd Management Server 2024-11-21 N/A
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.
CVE-2019-3705 1 Dell 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more 2024-11-21 9.8 Critical
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
CVE-2019-3704 1 Dell 2 Emc Vnx2, Emc Vnx2 Firmware 2024-11-21 N/A
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.
CVE-2019-3702 1 Lifesize 6 Icon 300, Icon 300 Firmware, Icon 500 and 3 more 2024-11-21 N/A
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
CVE-2019-3701 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 N/A
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.
CVE-2019-3686 1 Suse 1 Openqa 2024-11-21 6.5 Medium
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
CVE-2019-3683 2 Hp, Suse 3 Helion Openstack, Keystone-json-assignment, Openstack Cloud 2024-11-21 8.8 High
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
CVE-2019-3681 2 Opensuse, Suse 5 Factory, Leap, Osc and 2 more 2024-11-21 7.5 High
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
CVE-2019-3670 1 Mcafee 1 Web Advisor 2024-11-21 8 High
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
CVE-2019-3646 1 Mcafee 1 Total Protection 2024-11-21 6.9 Medium
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
CVE-2019-3638 1 Mcafee 1 Web Gateway 2024-11-21 8.1 High
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
CVE-2019-3631 1 Mcafee 1 Enterprise Security Manager 2024-11-21 7.2 High
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
CVE-2019-3630 1 Mcafee 1 Enterprise Security Manager 2024-11-21 7.2 High
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.