CVE-2019-1571
https://notcve.org/view.php?id=CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.
References: http://www.securityfocus.com/bid/107564 | https://securityadvisories.paloaltonetworks.com/Home/Detail/142 | https://www.tenable.com/security/research/tra-2019-13
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1572
https://notcve.org/view.php?id=CVE-2019-1572
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. **REJECTED** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1571. Reason: This candidate is a reservation duplicate of CVE-2019-1571. Notes: All CVE users should reference CVE-2019-1571 instead of this candidate.
References: http://www.securityfocus.com/bid/107720 | https://security.paloaltonetworks.com/CVE-2019-1572
CVE-2019-1570
https://notcve.org/view.php?id=CVE-2019-1570
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
References: http://www.securityfocus.com/bid/107564 | https://securityadvisories.paloaltonetworks.com/Home/Detail/142 | https://www.tenable.com/security/research/tra-2019-13
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1569
https://notcve.org/view.php?id=CVE-2019-1569
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for the account name of the admin user.
References: http://www.securityfocus.com/bid/107564 | https://securityadvisories.paloaltonetworks.com/Home/Detail/142 | https://www.tenable.com/security/research/tra-2019-13
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application if a 0-byte record is received with invalid padding compared to if a 0-byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable, "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also, the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this, but some do anyway).
References: http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html | http://www.securityfocus.com/bid/107174 | https://access.
CWE-203: Observable Discrepancy; CWE-325: Missing Cryptographic Step