Search Results (83266 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-1591 1 Cisco 2 Nexus 9000, Nx-os 2024-11-21 7.8 High
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d).
CVE-2019-1584 1 Zingbox 1 Inspector 2024-11-21 9.8 Critical
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
CVE-2019-1583 1 Paloaltonetworks 1 Twistlock 2024-11-21 N/A
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim.
CVE-2019-1582 1 Paloaltonetworks 1 Pan-os 2024-11-21 N/A
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
CVE-2019-1581 1 Paloaltonetworks 1 Pan-os 2024-11-21 9.8 Critical
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.
CVE-2019-1580 1 Paloaltonetworks 1 Pan-os 2024-11-21 N/A
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
CVE-2019-1578 1 Paloaltonetworks 1 Minemeld 2024-11-21 N/A
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser.
CVE-2019-1576 1 Paloaltonetworks 1 Pan-os 2024-11-21 8.8 High
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.
CVE-2019-1574 1 Paloaltonetworks 1 Expedition Migration Tool 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.
CVE-2019-1571 1 Paloaltonetworks 1 Expedition 2024-11-21 N/A
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.
CVE-2019-1570 1 Paloaltonetworks 1 Expedition 2024-11-21 N/A
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
CVE-2019-1569 1 Paloaltonetworks 1 Expedition 2024-11-21 N/A
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
CVE-2019-1568 1 Paloaltonetworks 1 Demisto 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.
CVE-2019-1567 1 Paloaltonetworks 1 Expedition Migration Tool 2024-11-21 N/A
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings.
CVE-2019-1566 1 Paloaltonetworks 1 Pan-os 2024-11-21 6.1 Medium
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
CVE-2019-1565 1 Paloaltonetworks 1 Pan-os 2024-11-21 N/A
The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
CVE-2019-1490 1 Microsoft 1 Skype For Business 2024-11-21 5.4 Medium
A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
CVE-2019-1485 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
CVE-2019-1468 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 8.8 High
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
CVE-2019-1457 1 Microsoft 1 Office 2024-11-21 7.8 High
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.