RSA Archer versions prior to 6.5 SP1 contain an information exposure vulnerability. Users’ session information is logged in plain text in the RSA Archer log files. An authenticated malicious local …
CVE-2019-3711 (authentication_manager)
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password …
CVE-2019-9750 (iotivity)
In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is …
CVE-2019-9748 (tinysvcmdns)
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead …
CVE-2019-9747 (tinysvcmdns)
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function …
CVE-2019-9749 (fluent_bit)
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing …
CVE-2015-2254 (oceanstor_uds_firmware)
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system …
CVE-2019-0274 (mobile_platform_sdk)
SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 …
CVE-2019-0270 (advanced_business_application_programming_platform_kernel, advanced_business_application_programming_platform_krnl32nuc, advanced_business_application_programming_platform_krnl32uc, advanced_business_application_programming_platform_krnl64nuc, advanced_business_application_programming_platform_krnl64uc)
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following …
CVE-2019-0271 (advanced_business_application_programming_platform, advanced_business_application_programming_server, sap_kernel)
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. …