6867 matches found
Microsoft SharePoint CVE-2019-1202 Information Disclosure Vulnerability
Description Microsoft SharePoint is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 SP2...
XStream API CVE-2019-10173 Deserialization Remote Code Execution Vulnerability
Description XStream API is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected application. Xstream API versions 1.4.10 is vulnerable. Technologies Affected IBM QRadar 7.3.0 IBM QRada...
Apache Tomcat CVE-2019-10072 Incomplete Fix Denial of Service Vulnerability
Description Apache Tomcat is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause denial-of-service conditions. The following products are affected: Apache Tomcat 9.0.0.M1 through 9.0.19 Apache Tomcat 8.5.0 through 8.5.40 Technologies Affected Apache Tomcat 8.5.0...
Microsoft Windows RPC CVE-2017-8461 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows Server 2003 Microsoft Windows...
Microsoft Windows Kernel 'Win32k.sys' CVE-2014-4113 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and gain access to kernel memory. Technologies Affected Microsoft Exchange Server 2003 SP2 Microsoft Windows 7 for 32-bi...
Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
Description Microsoft Internet Information Services IIS is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages. A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worke...
Microsoft IIS ASP Remote Code Execution Vulnerability
Description Microsoft Internet Information Server IIS is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. To exploit this issue, attackers must be able to place and execute...
Oracle Database Server CVE-2019-2956 Remote Security Vulnerability
Description Oracle Database Server is prone to a remote security vulnerability. The vulnerability can be exploited over the multiple protocols. For an exploit to succeed, the attacker must have 'Create Session' privilege. This vulnerability affects the following supported versions: 12.1.0.2,...
Microsoft Windows Error Reporting Manager CVE-2019-1315 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Dynamics On-Premise CVE-2019-1008 Security Bypass Vulnerability
Description Microsoft Dynamics is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Dynamics 365 on-premises 8.2 Microsoft Dynamics 365 on-premises 9 Microsoft...
Linux Kernel CVE-2017-17558 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, privilege-escalation may be possible but this has not been confirmed. Linux kernel versions 4.14.5 and prior ar...
Microsoft ASP.NET Core CVE-2017-11770 Denial of Service Vulnerability
Description Microsoft ASP.NET Core is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. Technologies Affected Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 Microsoft...
Microsoft Windows CVE-2017-0165 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for...
Microsoft Office CVE-2015-6172 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft .NET Framework CVE-2014-0257 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to elevate privileges, which may lead to a complete compromise of the affected system. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Fortinet FortiOS CVE-2019-6693 Hardcoded Cryptographic Key Vulnerability
Description Fortinet FortiOS is prone to a hardcoded cryptographic key vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Fortinet FortiOS 5.6.11, 6.0.7 and 6.2.1 are vulnerable. Technologies Affected Fortinet...
Apache Thrift CVE-2019-0210 Remote Security Vulnerability
Description Apache Thrift is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Thrift versions 0.9.3 through 0.12.0 are vulnerable. Technologies Affected Apache...
Microsoft Internet Explorer and Edge CVE-2019-0608 Spoofing Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...
Microsoft Office SharePoint CVE-2019-1032 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Google Chrome Prior to 68.0.3440.75 Multiple Security Vulnerabilities
Description Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions...
Microsoft Outlook CVE-2017-0106 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...
Microsoft Windows CVE-2016-0101 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Window...
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to decrypt live and recorded SSL sessions, cause denial of service through application crashes, and possibly execute arbitrary code. A...
SA104 : OpenSSH Vulnerabilities
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. An attacker, with access to the management interface, may exploit these vulnerabilities to conduct brute-force password guessing attacks, bypass access restrictions, log in as a different...
curl CVE-2019-5443 Local Code Injection Vulnerability
Description curl is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow attackers to inject and execute arbitrary code. This may lead to other attacks. curl for windows versions prior to 7.65.12 are vulnerable. Technologies...
Microsoft Windows Hyper-V CVE-2019-0709 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10...
SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
SUMMARY Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code. The attacker can also cause deni...
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
Description Apache Log4j is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j 2.0-alpha1 through 2.8.1 ar...
Microsoft Office CVE-2015-2470 Integer Underflow Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Symantec Norton Password Manager CVE-2019-18381 Cross-Origin Security Bypass Vulnerability
Description Symantec Norton Password Manager is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Versions prior to Symantec Norton Password Manager...
Microsoft Windows CVE-2019-1341 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...
WebKit Multiple Cross Site Scripting and Memory Corruption Vulnerabilities
Description WebKit is prone to multiple cross-site scripting and memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple iCloud 6.0 Appl...
Microsoft Windows Search CVE-2017-11771 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Oracle January 2020 Critical Patch Update Multiple Vulnerabilities
Description Oracle has released advance notification regarding the January 2020 Critical Patch Update CPU to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...
Microsoft Windows Remote Desktop Protocol CVE-2019-1489 Information Disclosure Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows XP SP3 Recommendations Block external acce...
Microsoft Windows CVE-2019-1342 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...
FreeIPA CVE-2019-14867 Denial of Service Vulnerability
Description FreeIPA is prone to a denial-of-service vulnerability. Attackers can exploit this issue to execute arbitrary code or crash the affected application, denying service to legitimate users. FreeIPA versions 4.6 prior to 4.6.7, versions 4.7 prior to 4.7.4 and versions 4.8 prior to 4.8.3 ar...
Microsoft Windows Certificate Dialog CVE-2019-1388 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Microsoft Azure App Service CVE-2019-1372 Remote Code Execution Vulnerability
Description Microsoft Azure App Service is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Azure App Servi...
Microsoft Excel CVE-2019-1111 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Jet Database Engine CVE-2017-8717 Buffer Overflow Vulnerability
Description Microsoft Jet Database Engine is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of an affect...
Microsoft Windows Hyper-V CVE-2017-0051 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows Server 2016...
Microsoft Windows TCP/IP CVE-2014-4076 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 x64 Edition Service Pack 2...
Symantec Endpoint Protection Security Update
Summary Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM products. Affected Products Symantec Endpoint Protection Manager SEPM --- CVE | Affected Versions | Remediatio...
Symantec Messaging Gateway CVE-2019-18377 Privilege Escalation Vulnerability
Description Symantec Messaging Gateway is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.3 are vulnerable. Technologies Affected Symantec Messaging Gateway 10.0...
Ruby Multiple Security Vulnerabilities
Description Ruby is prone to the following security vulnerabilities: 1. An authorization-bypass vulnerability 2. A denial-of-service vulnerability 3. An HTTP response-splitting vulnerability 4. A command-injection vulnerability An attacker can exploit these issues to bypass certain security...
Microsoft Windows Remote Desktop Protocol Server CVE-2019-1225 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 18...
Microsoft Windows Remote Desktop Protocol Server CVE-2019-1224 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 18...
Microsoft SharePoint Server CVE-2019-0668 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microso...
Microsoft Auto Updater for Mac CVE-2016-7300 Local Privilege Escalation Vulnerability
Description Microsoft Auto Updater for Mac is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Auto Updater for Mac Recommendations Permit local access for trusted...