CVE-2019-11988

A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.

Source: CVE-2019-11988

CVE-2019-12276

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

Source: CVE-2019-12276

CVE-2019-9187

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.

Source: CVE-2019-9187

CVE-2019-9189

On Prima Systems FlexAir devices through 2.4.9api3, an authenticated user can upload Python (.py) scripts and execute arbitrary code with root privileges.

Source: CVE-2019-9189

CVE-2019-12196

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.

Source: CVE-2019-12196

CVE-2019-5394

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

Source: CVE-2019-5394

CVE-2019-11226

CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.

Source: CVE-2019-11226

CVE-2019-11987

A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.

Source: CVE-2019-11987

CVE-2019-1868

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information.

Source: CVE-2019-1868

CVE-2019-1861

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Source: CVE-2019-1861