Advisory ID: BGD-2019-0013 Version: 1.00 Probability: medium CVE ID: CVE-2019-1745 Damage: medium Publication date: 2019-04-16 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and...
Read More
Advisory ID: BGD-2019-0012 Version: 1.00 Probability: medium CVE ID: CVE-2019-1828 Damage: medium Publication date: 2019-04-16 Description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by...
Read More
Advisory ID: BGD-2019-0011 Version: 1.00 Probability: high CVE ID: CVE-2019-1598 Damage: medium Publication date: 2019-04-01 Description: Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper...
Read More
Advisory ID: BGD-2019-0009 Version: 1.04 Probability: medium CVE ID: CVE-2019-1601(nx-os) Damage: medium Publication date: 2019-03-20 Description: A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability...
Read More
Advisory ID: BGD-2019-0007 Version: 1.00 Probability: high CVE ID: CVE-2019-1663 Damage: high Publication date: 2019-03-12 Description: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Impact: A remote attacker could exploit this vulnerability to...
Read More
Advisory ID: BGD-2019-0006 Version: 1.00 Probability: high CVE ID: CVE-2019-1663 Damage: high Publication date: 2019-03-11 Description: A vulnerability in the web-based management interface of the PRODUCT could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to CAUSE. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Product(s) affected: Vulnerable: Cisco...
Read More
Advisory ID: BGD-2019-0002 Version: 1.01 Probability: medium Damage: high Publication date: 2019-03-11 Description: Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to view a specially crafted web page possibly resulting in the execution of arbitrary code with the privileges of the process or cause a Denial of Service...
Read More
Advisory ID: BGD-2019-0004 Version: 1.00 Probability: high CVE ID: CVE-2019-1663 Damage: high Publication date: 2019-03-11 Description: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied...
Read More
Advisory ID: BGD-2019-0003 Version: 1.00 Probability: medium CVE ID: CVE-2018-20799 Damage: low Publication date: 2019-03-11 Description: In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access...
Read More
Advisory ID: Taranis-2019-0001 Version: 1.10 Probability: medium CVE ID: CVE-2019-0595 Damage: medium Publication date: 2019-03-11 Description: CVE-2019-0595 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019) A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka Jet Database Engine Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. Product(s) affected: huawei NIP1000...
Read More
