CVE-2019-15975
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: CVE-2019-15975
CVE-2019-15976
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: CVE-2019-15976
CVE-2019-15977
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: CVE-2019-15977
CVE-2019-15978
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
Source: CVE-2019-15978
CVE-2019-5990
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer.
Source: CVE-2019-5990
CVE-2019-5987
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.
Source: CVE-2019-5987
CVE-2019-5988
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.
Source: CVE-2019-5988
CVE-2019-5989
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page.
Source: CVE-2019-5989
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
Source: CVE-2019-20354
CVE-2019-20352
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
Source: CVE-2019-20352