106 matches found
CVE-2020-3974
CVE-2020-3974 affects VMware Fusion 11.x (pre-11.5.5), VMware Remote Console for Mac 11.x (pre-11.2.0), and Horizon Client for Mac 5.x (pre-5.4.3). It is a local privilege-escalation due to improper XPC Client validation, allowing a normal-privilege user to gain root access. Exploitation requires...
Tenable Nessus < 8.6.0 Denial of Service vulnerability (TNS-2019-05)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior or equal to 8.5.2. It is, therefore, affected by a denial of service vulnerability due to a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could...
CVE-2019-3974
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition...
CVE-2019-3974
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition...
CVE-2019-3974
CVE-2019-3974 affects Tenable Nessus on Windows (versions 8.5.2 and earlier). The issue allows arbitrary overwriting of certain system files, potentially causing a denial-of-service condition. Root cause: file overwrite flaw in Nessus’ Windows file handling. Affected product/version per sources: ...
Tenable Nessus <= 8.5.2 File Overwrite Vulnerability (TNS-2019-05)
Tenable Nessus on Windows is prone to an arbitrary file overwrite vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Ubuntu 16.04 LTS : VCFtools vulnerabilities (USN-3974-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3974-1 advisory. It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to cras...
CVE-2018-3974
GOG Galaxy 1.2.45.61 on Windows is affected by a local privilege escalation due to insecure file permissions in the install directory. An attacker can overwrite GalaxyClientService.exe, which runs as LocalSystem, enabling arbitrary code execution with system privileges at boot. Root cause: overly...
CVE-2017-3974
CVE-2017-3974 is rejected/not used and does not represent an active vulnerability entry.
CVE-2017-3974
...
Debian DSA-3974-1 : tomcat8 - security update
Two issues were discovered in the Tomcat servlet and JSP engine. - CVE-2017-7674 Rick Riemer discovered that the Cross-Origin Resource Sharing filter did not add a Vary header indicating possible different responses, which could lead to cache poisoning. - CVE-2017-7675 stretch only Markus...
Debian: Security Advisory (DSA-3974-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE
Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP...
CVE-2016-3974
XML external entity XXE vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...
CVE-2016-3974
CVE-2016-3974 affects SAP NetWeaver AS JAVA 7.1–7.5. An XML External Entity (XXE) vulnerability in the Configuration Wizard/ctcprotocol servlet allows remote attackers to cause a denial of service, perform SMB relay actions, or read arbitrary files via a crafted XML to the ServerNodesWSService en...
CVE-2015-3974
The CVE-2015-3974 entry concerns the EasyIO-30P-SF 32-bit controller that ships with hard-coded credentials. Affected firmware versions are before 0.5.21 and before 2.0.5.21, used across multiple OEM products. Root cause: use of a hard-coded password, enabling remote attackers to gain complete ac...
CVE-2014-3974
AuraCMS 3.0 and earlier is affected by an XSS in filemanager.php (via the viewdir parameter). The vulnerability stems from unsanitized input in viewdir, enabling injection of arbitrary script/HTML. Affected product is AuraCMS; version scope is 3.0 and earlier. Public references indicate the issue...
CVE-2014-3974
creationtimestamp| type| source ---|---|--- 2014-05-28 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33555...
Mozilla Firefox ESR Multiple Vulnerabilities - August12 (Windows)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvulnaug12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities - August12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Firefox ESR Multiple Vulnerabilities (Aug 2012) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...