• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-345

CVE-2019-16000

February 26, 2023 by

A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.

CVE-2019-16007

February 26, 2023 by

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

CVE-2019-15971

February 26, 2023 by

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

CVE-2019-15613

February 26, 2023 by

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

CVE-2019-15162

February 26, 2023 by

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

CVE-2019-13483

February 26, 2023 by

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Interim pages omitted …
  • Go to page 34
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE