CVE-2019-12649 Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected...
EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-1799)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a 'member access within null pointer'...
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed...
CVE-2019-14684
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687...
CVE-2019-14687
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684...
Spoofing
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684...
CVE-2019-6171
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...
Design/Logic Flaw
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...
gd: Unsigned integer underflow _gdContributionsAlloc()
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...
PT-2019-18002 · Lenovo · Thinkpad
Name of the Vulnerable Software and Affected Versions: ThinkPad systems (affected versions not specified). Description: A reported issue in certain ThinkPad systems' BIOS could allow a user with administrative privileges or physical access to update the Embedded Controller with unsigned firmware...
OPENSUSE-SU-2019:1911-1 Security update for icedtea-web
This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file (bsc#1142835) - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite...
Microsoft Live Accounts Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Outlook Web Access (OWA) regarding a possible unsigned token. An attacker who successfully exploited this vulnerability could have access to another person's email inbox. To exploit this vulnerability, an attacker would first have to replace an...
RHEL 7 : icedtea-web (RHSA-2019:2003)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2003 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
RHEL 8 : icedtea-web (RHSA-2019:2004)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2004 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
Oracle Linux 7 : icedtea-web (ELSA-2019-2003)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2003 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
Oracle Linux 8 : icedtea-web (ELSA-2019-2004)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2004 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
Applocker Evasion - Microsoft Workflow Compiler
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binaries Microsoft.Workflow.Compiler.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current sourc...