2154 matches found
CVE-2019-9423
Removed by vendor...
Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...
Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...
Microsoft Windows Win32k CVE-2019-1256 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Command Execution Vulnerability in the Zeppelin Platform
Apache Zeppelin is a web-based open source framework that makes interactive data analysis feasible.Zeppelin provides data analysis, data visualization and other features. A command execution vulnerability exists in the Zeppelin platform that can be exploited by an attacker to gain server privileg...
The vulnerability of the PAN-OS operating system, related to the operation of data out of the buffer in memory, allows attackers to cause memory corruption.
The vulnerability of the PAN-OS operating system is related to the operation of data out of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause memory corruption or service failures when the current client interactive session is re-executed...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...
Design/Logic Flaw
In the endCall function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android...
How Do Threats Align With Detection And Solutions?
There are many different threats targeting many different areas of a corporate network. Have you ever wondered how those threats are stopped? What threats impact which areas of a network? What technology detects and blocks those threats? I wanted to build an interactive graphic to answer those...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
Microsoft Windows CVE-2019-1174 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based...
Microsoft Windows Kernel CVE-2019-1159 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code in with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-base...
Microsoft Windows Win32k CVE-2019-1169 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
Microsoft Windows CVE-2019-1175 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit...
Microsoft Windows CVE-2019-1185 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based...
RHEL 7 : libssh2 (RHSA-2019:2399)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2399 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: Integer overflow in transport read...
SUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2019:2018-1)
This update for polkit fixes the following issues : Security issue fixed : CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend bsc1121826. Note that Tenable Network Security has extracted the preceding description block directly from...
NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)
The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...