Recent vulnerabilities and exploits

NA
CVE-2019-0626

A vulnerability in the DHCP server component of Microsoft Windows could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.The vulnerability is due to improper memory operations that are performed by the affected software when handling DHCP pac...

NA
CVE-2018-2025

CVE-2018-2025-0-3- 010 Editor template for ACE archive format & CVE-2018-2025[0-3]...

NA
CVE-2018-5744

ISC BIND is vulnerable to a denial of service, caused by a flaw when process messages with a specific combination of EDNS options. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition....

NA
CVE-2019-6465

ISC BIND could allow a remote attacker to obtain sensitive information, caused by the failure to properly apply controls for zone transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker could exploit this vulnerability to request and receive a zone t...

NA
CVE-2018-5745

ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure....

NA
CVE-2019-1681

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper va...

NA
CVE-2019-1691

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the inco...

NA
CVE-2019-1685

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vuln...

NA
CVE-2019-1684

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial ...

NA
CVE-2019-1664

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by conn...

NA
CVE-2019-1665

A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...