Skip to main content
CVE-2019-3894 HIGH This Week

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wildfly Jboss Enterprise Application Platform
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-1857 HIGH This Week

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Hx220C M5 Firmware Hx240C M5 Firmware Hx240C Large Form Factor Firmware +11
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1807 HIGH This Week

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Cisco Information Disclosure Umbrella
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-1724 HIGH This Week

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv325 Dual Wan Gigabit Vpn Router Firmware Rv320 Dual Gigabit Wan Vpn Router Software
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-1713 HIGH This Week

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Adaptive Security Appliance Software
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-1714 HIGH This Week

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-1708 HIGH This Week

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-1706 HIGH This Week

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2019-1703 HIGH This Week

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
2.9%
CVE-2019-1694 HIGH This Week

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
2.5%
CVE-2019-1590 HIGH This Week

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2019-1816 HIGH This Week

A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-1709 HIGH This Week

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-1699 HIGH This Week

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-1682 HIGH This Week

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1592 HIGH This Week

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6619 HIGH This Week

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +4
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-6612 HIGH This Week

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +5
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-6611 HIGH This Week

When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +9
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-1817 HIGH This Week

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Web Security Appliance
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-1715 HIGH This Week

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Device Manager Firepower Threat Defense
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-1704 HIGH This Week

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-1697 HIGH This Week

A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-1687 HIGH This Week

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-1635 HIGH This Week

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Conference Phone 7832 Firmware Ip Conference Phone 8832 Firmware Ip Phone 7811 Firmware +13
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1696 HIGH This Week

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center Firepower Threat Defense
NVD
CVSS 3.0
7.4
EPSS
1.8%
CVE-2019-6616 HIGH This Week

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +9
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-1859 HIGH This Week

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSH Authentication Bypass Cisco Sg200 50 Firmware Sg200 50P Firmware +112
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-1836 HIGH This Week

A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy