Lucene search
K

162 matches found

CVE
CVE
added 2019/05/16 6:17 p.m.95 views

CVE-2019-0947

Summary: CVE-2019-0947 is a remote code execution vulnerability in the Microsoft Office Access Connectivity Engine caused by improper handling of objects in memory. The available documents identify the affected component as the Office Access Connectivity Engine, but do not disclose affected versi...

9.3CVSS7.9AI score0.13695EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2019/05/15 12:0 a.m.57 views

Microsoft Office 2013 Service Pack 1 Multiple Vulnerabilities (KB4464561)

This host is missing an important security update according to Microsoft KB4464561 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

9.3CVSS7.6AI score0.13695EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/05/15 12:0 a.m.75 views

Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB4464567)

This host is missing an important security update according to Microsoft KB4464567 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

9.3CVSS7.6AI score0.13695EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/05/15 12:0 a.m.64 views

Microsoft Office 2016 Multiple Vulnerabilities (KB4464551)

This host is missing an important security update according to Microsoft KB4464551 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

9.3CVSS7.6AI score0.13695EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.28 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...

9.3CVSS4.3AI score0.13695EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.24 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...

9.3CVSS4.3AI score0.13695EPSS
Exploits0
Kaspersky
Kaspersky
added 2019/05/14 12:0 a.m.50 views

KLA11484 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

9.3CVSS9AI score0.13695EPSS
Exploits0References24
NVD
NVD
added 2019/04/25 4:29 p.m.15 views

CVE-2018-20053

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network...

9.8CVSS9.7AI score0.02203EPSS
Exploits0References1
OSV
OSV
added 2019/04/25 4:29 p.m.5 views

CVE-2018-20052

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.8CVSS5.8AI score0.00378EPSS
Exploits0References1
Prion
Prion
added 2019/04/25 4:29 p.m.12 views

Command injection

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network...

7.5CVSS9.6AI score0.02203EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/25 4:29 p.m.18 views

CVE-2018-20052

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.8CVSS7.7AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2019/04/25 4:29 p.m.4 views

CVE-2018-20053

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network...

9.8CVSS5.8AI score0.02203EPSS
Exploits0References1
Prion
Prion
added 2019/04/25 4:29 p.m.11 views

Command injection

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.2CVSS7.7AI score0.00378EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/04/25 3:43 p.m.39 views

CVE-2018-20053

CVE-2018-20053 affects Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE are vulnerable to command injection when a crafted configuration file is sent over the network. The available documents do not specify affected versions beyond “CCE ...

9.8CVSS9.5AI score0.02203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/25 3:43 p.m.20 views

CVE-2018-20053

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network...

9.7AI score0.02203EPSS
Exploits0References1
CVE
CVE
added 2019/04/25 3:40 p.m.41 views

CVE-2018-20052

The CVE-2018-20052 entry concerns Cerner Connectivity Engine (CCE) 4 devices where the user running the main CCE firmware has NOPASSWD sudo privileges to several utilities, enabling potential root privilege escalation. A concrete example is the command: sudo ln -s /tmp/script /etc/cron.hourly/scr...

7.8CVSS7.7AI score0.00378EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/25 3:40 p.m.25 views

CVE-2018-20052

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.8AI score0.00378EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/04/17 12:0 a.m.5 views

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite is related to object processing errors in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

7.8CVSS7.6AI score0.10551EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/04/17 12:0 a.m.7 views

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite is related to errors in object processing in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

7.8CVSS7.6AI score0.10551EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/04/17 12:0 a.m.6 views

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

7.8CVSS7.6AI score0.10551EPSS
Exploits0References2
Rows per page
Query Builder