|
219451
|
6.1 |
MEDIUM
Network
|
netis-systems
|
dl4343_firmware
|
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
|
CWE-79
Cross-site Scripting
|
CVE-2019-20070
|
2024-11-21 13:38 |
2019-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219452
|
5.3 |
MEDIUM
Network
|
cisco
|
content_security_management_appliance
asyncos
email_security_appliance
|
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthen…
|
CWE-20
Improper Input Validation
|
CVE-2019-1983
|
2024-11-21 13:37 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219453
|
8.6 |
HIGH
Network
|
cisco
|
email_security_appliance
asyncos
|
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization …
|
CWE-20
Improper Input Validation
|
CVE-2019-1947
|
2024-11-21 13:37 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219454
|
7.2 |
HIGH
Network
|
cisco
|
unified_contact_center_express
unified_ip_interactive_voice_response
|
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-1888
|
2024-11-21 13:37 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219455
|
6.6 |
MEDIUM
Physics
|
cisco
|
identity_services_engine
unified_computing_system
|
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation ch…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-1736
|
2024-11-21 13:37 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219456
|
7.8 |
HIGH
Local
|
ricoh
|
streamline_nx_pc_client
streamline_nx_client_tool
|
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
|
NVD-CWE-noinfo
|
CVE-2019-20001
|
2024-11-21 13:37 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219457
|
9.8 |
CRITICAL
Network
|
nec
|
sv8100_firmware
|
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.
|
CWE-287
Improper Authentication
|
CVE-2019-20033
|
2024-11-21 13:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219458
|
6.5 |
MEDIUM
Network
|
nec
|
sv8100_firmware
sv9100_firmware
sl1100_firmware
sl2100_firmware
|
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may ac…
|
NVD-CWE-noinfo
|
CVE-2019-20032
|
2024-11-21 13:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219459
|
9.1 |
CRITICAL
Network
|
nec
|
um8000_firmware
um4730_firmware
|
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing …
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-20031
|
2024-11-21 13:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219460
|
7.8 |
HIGH
Local
|
nec
|
um8000_firmware
|
An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affe…
|
NVD-CWE-noinfo
|
CVE-2019-20030
|
2024-11-21 13:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
