CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2019-1658 CSRF 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.
252 CVE-2019-1657 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.
253 CVE-2019-1656 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.
254 CVE-2019-1655 Exec Code XSS 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
255 CVE-2019-1651 DoS Exec Code Overflow 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.
256 CVE-2019-1650 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.
257 CVE-2019-1648 +Priv 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
258 CVE-2019-1647 Bypass 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.
259 CVE-2019-1646 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.
260 CVE-2019-1645 2019-01-24 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.
261 CVE-2019-1644 DoS 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition.
262 CVE-2019-1641 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
263 CVE-2019-1640 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
264 CVE-2019-1639 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
265 CVE-2019-1638 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
266 CVE-2019-1637 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
267 CVE-2019-1636 Exec Code 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
268 CVE-2019-1258 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
269 CVE-2019-1229 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.
270 CVE-2019-1228 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1227.
271 CVE-2019-1227 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1228.
272 CVE-2019-1226 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services? Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222.
273 CVE-2019-1225 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224.
274 CVE-2019-1224 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225.
275 CVE-2019-1223 DoS 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
276 CVE-2019-1222 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services? Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.
277 CVE-2019-1218 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'.
278 CVE-2019-1213 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
279 CVE-2019-1212 DoS Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1206.
280 CVE-2019-1211 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files, aka 'Git for Visual Studio Elevation of Privilege Vulnerability'.
281 CVE-2019-1206 DoS Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.
282 CVE-2019-1205 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1201.
283 CVE-2019-1204 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
284 CVE-2019-1203 XSS 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
285 CVE-2019-1202 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
286 CVE-2019-1201 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1205.
287 CVE-2019-1200 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
288 CVE-2019-1199 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.
289 CVE-2019-1198 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege exists in SyncController.dll, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.
290 CVE-2019-1197 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196.
291 CVE-2019-1196 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197.
292 CVE-2019-1195 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197.
293 CVE-2019-1194 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133.
294 CVE-2019-1193 Exec Code Mem. Corr. 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
295 CVE-2019-1192 Bypass 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
296 CVE-2019-1190 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory.An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory., aka 'Windows Image Elevation of Privilege Vulnerability'.
297 CVE-2019-1188 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.
298 CVE-2019-1187 DoS 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.
299 CVE-2019-1186 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184.
300 CVE-2019-1185 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
Total number of vulnerabilities : 1161   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.