13538 matches found
Microsoft Office Word Information Disclosure (CVE-2019-0561)
An information disclosure vulnerability exists in the Word component of Microsoft Office. This vulnerability is due to improper handling of fields. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information...
Dovecot Submission-Login Service NULL Pointer Dereference Denial of Service (CVE-2019-11494)
A denial-of-service vulnerability exists in the Dovecot server. The vulnerability is due to a NULL pointer dereference in the submission-login service when authentication is aborted. Successful exploitation of this vulnerability could cause a partial denial of service of the affected system...
Microsoft VBScript Remote Code Execution (CVE-2019-1390)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Information Disclosure (CVE-2019-1436)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Electronic Arts Origin Client URI Handler Remote Code Execution (CVE-2019-12828)
A remote code execution vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by...
Schneider Electric IIoT Monitor downloadCSV Directory Traversal (CVE-2018-7835)
A directory traversal vulnerability exists in Schneider Electric IIoT. The vulnerability is due to insufficient validation of a user supplied path prior to using it in file operations...
Foxit Reader and PhantomPDF XFA xdpContent Information Disclosure (CVE-2018-3956)
An information disclosure exists in Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of the xdpContent property of a submit object...
Microsoft Visual Studio Vscontent Information Disclosure (CVE-2019-0537)
An information disclosure vulnerability exists in Microsoft visual studio. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Adobe Acrobat and Reader Out-of-Bounds Write (APSB19-41: CVE-2019-8098)
An out of bounds write vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1197)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress WP Live Chat Plugin Arbitrary File Upload (CVE-2019-11185)
An Arbitrary File Upload vulnerability exists in WordPress Live Chat Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the effected system...
Citrix SD-WAN Center Command Injection (CVE-2019-10883)
A Command Injection vulnerability exists in Citrix SD-WAN Center. This vulnerability is due to insufficient validation of user-supplied data in one of the controllers. Successful exploitation of this vulnerability would allow remote attacker to execute arbitrary OS commands on the remote host...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0989)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0992)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1024)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Edge Elevation of Privilege (CVE-2019-0938)
An elevation of privilege vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Kernel Elevation of Privilege (CVE-2019-0881)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Flash Player Use After Free (APSB19-26: CVE-2019-7837)
A use-after-free vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0730)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Browser Scripting Engine Memory Corruption (CVE-2019-0609)
A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Core Local File Inclusion Remote Code Execution (CVE-2019-8942)
A remote code execution vulnerability exists in WordPress Core. Successful exploitation of this vulnerability could allow a remote attacker with at least author privileges to execute arbitrary code on the target server...
Microsoft Windows SMB Remote Code Execution (CVE-2019-0633)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rockwell RSLogix 5000 RNA Denial of Service (CVE-2011-3489)
A denial of service vulnerability exists in Rockwell RSLogix 5000. A remote attacker could exploit this vulnerability by sending a specially crafted request to the target system...
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0568)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
IBM Operational Decision Manager External Entity Injection (CVE-2018-1821)
An XML external entity XXE injection vulnerability exist in IBM Operational Decision. The vulnerability is due to a failure to properly handle external entity references in XML files. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XML file with...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8643)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Flash Player Out-of-bounds read (APSB18-39: CVE-2018-15978)
A out of bounds read vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Western Digital MyBook Live Remote Code Execution (CVE-2018-18472)
A command injection vulnerability exist in WD MyBook Live and WD MyCloud NAS models. The vulnerability is due to the language change and modifies functionality in the REST API. A remote, unauthenticated attacker can exploit the vulnerability by sending a maliciously crafted packet to the target...
Yi Technology Home Camera cloudAPI SSID Code Execution (CVE-2018-3910)
A remote code execution vulnerability exists in Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Google PDFium Out-of-bounds read (CVE-2018-16076)
An out-of-bounds and vulnerability exists in Google PDFium. The vulnerability is due to an error in parsing a malformed JBIG2 image stream in a PDF document. Successful exploitation could result in sensitive data exposure and memory corruption...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-8459)
A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8371)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Out-of-bounds read (APSB18-21: CVE-2018-5044; CVE-2019-7771; CVE-2019-7780)
A out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Microsoft Windows Remote Code Execution (CVE-2018-8210)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2018-8233)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle WebLogic Remote Diagnosis Assistant rda_tfa_hrs Command Injection (CVE-2018-2616)
A command injection vulnerability exists in the web console of the Oracle WebLogic Remote Diagnosis Assistant. The vulnerability is due to a failure on the part of the application to properly parse input supplied to the rdatfahrs menu command...
Microsoft Access Remote Code Execution (CVE-2018-0903)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Remote Code Execution (CVE-2018-0842)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ZyXEL PK5001Z Modem Authentication Bypass (CVE-2016-10401)
An Unauthorized Access Vulnerability exists in ZyXEL PK5001Z Modem. Successful exploitation of this vulnerability could allow a remote attacker to gain administrator level access on the affected device...
HPE Intelligent Management Center userSelectPagingContent Expression Language Injection (CVE-2017-12521)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to a lack of validation on a request parameter on requests sent to the server. A remote attacker can exploit this vulnerability by sending a crafted request to the target server...
HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter passed to the saveSelectedDevices method through a GWT RPC request. A remote, authenticated attacker can exploit this vulnerability by sendi...
Adobe Acrobat And Reader Use After Free (APSB17-24: CVE-2017-11224)
A use after free vulnerability exists in Adobe Acrobat And Reader. The vulnerability is due to a freed memory area being reused by another object. This provides a remote attacker with an unintended memory access -- potentially leading to code corruption, control-flow hijack, or information leak...
HPE Intelligent Management Center dbman RestoreZipFile Command Injection (CVE-2017-5821)
A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling RestoreZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...
Microsoft LNK Remote Code Execution (CVE-2017-8464; CVE-2018-0978)
A vulnerability has been found in the way Windows Explorer handles LNK files. An attacker exploiting this vulnerability could achieve Remote Code Execution...
Microsoft Windows Cursor Elevation of Privilege (CVE-2017-8466)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Windows fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...
Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow (CVE-2017-16671; CVE-2017-7617)
A buffer overflow exists in the CDR engine of Digium Asterisk. The vulnerability is due to a lack of size checking when setting the user field of a CDR. A remote, authenticated attacker can exploit this vulnerability by sending a crafted message to an affected Asterisk server...
Microsoft Windows Uniscribe Information Disclosure (MS17-011: CVE-2017-0085)
An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted ttf file...
Microsoft Outlook Remote Code Execution (CVE-2017-0106)
A remote code execution vulnerability exists in Microsoft Outlook. The vulnerability is due to the way Microsoft Outlook parses specially crafted email messages. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted email message...
Microsoft Windows Graphics Component Remote Code Execution (MS17-013: CVE-2017-0014)
A remote code execution vulnerability exists in Windows Graphics Component. The vulnerability is due to the way Windows Graphics Component handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2956; CVE-2017-2957)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...