Page 3 of 15 results (0.016 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Se presenta una vulnerabilidad de inyección SQL en la interfaz de administración de Zingbox Inspector versiones 1.288 y anteriores, lo que permite que los datos no saneados provistos por un usuario autenticado sean pasados desde la interfaz de usuario web hacia la base de datos. • https://security.paloaltonetworks.com/CVE-2019-15016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Se presenta una vulnerabilidad de inyección de comandos en el Zingbox Inspector versiones 1.286 y anteriores, que permite a un usuario autenticado ejecutar comandos arbitrarios de sistema en el directorio CLI. • https://security.paloaltonetworks.com/CVE-2019-15014 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector, versiones 1.293 y anteriores, que podría permitir a un atacante suministrar una imagen de actualización de software no válida al Zingbox Inspector que podría resultar en la inyección de comandos. • https://security.paloaltonetworks.com/CVE-2019-15020 • CWE-346: Origin Validation Error •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector, versiones 1.294 y anteriores, que podría permitir a un atacante suministrar una imagen de actualización de software no válida a Zingbox Inspector. • https://security.paloaltonetworks.com/CVE-2019-15019 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. Intel PSET Application Install wrapper de Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer y Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library y Intel Threading Building Blocks en versiones anteriores a 2017 Update 2 permite a un atacante iniciar un proceso con privilegios escalados. • http://www.securityfocus.com/bid/96482 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr •