6867 matches found
SA111 : OpenSSL Vulnerabilities 28-Jan-2016
SUMMARY Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, and 0.9.8 are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain ephemeral Diffie-Hellman DHE private key information and perform man-in-the-middle attacks on SSL/TLS...
Linux Kernel CVE-2019-20054 Null Pointer Dereference Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Linux Kernel versions prior to 5.0.6 are vulnerable. Technologies Affected Linux kernel 3.0 Linux kernel 3.0-rc1 Linux kernel 3.0.1 Linux kernel 3.0.18...
libxslt CVE-2019-13117 Information Disclosure Vulnerability
Description libxslt is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected Oracle JDKLinux Production Release...
FasterXML Jackson-databind CVE-2019-12814 Information Disclosure Vulnerability
Description FasterXML Jackson-databind is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. FasterXML jackson-databind versions 2.x through 2.9.9 are vulnerable. Technologies Affected FasterXML...
Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability
Description Apache Tomcat is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Tomcat 8.5.5 through 8.5.31 and 9.0.0.M9 through 9.0.9 are vulnerable. Technologies Affected Apache Tomcat 8.5.11...
Microsoft Windows DNSAPI CVE-2018-8225 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Versi...
Microsoft Office CVE-2017-11825 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Symantec Norton Password Manager CVE-2019-19546 Information Disclosure Vulnerability
Description Symantec Norton Password Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Symantec Norton Password Manager versions prior to 6.6.2.5 are vulnerable. Technologies...
Microsoft Windows Comctl32 CVE-2019-1043 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 16...
Microsoft Windows JET Database Engine CVE-2019-0598 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows 'bowser.sys' CVE-2018-8271 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft PowerPoint CVE-2017-8742 Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961
SUMMARY Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject...
Microsoft Windows TrueType Fonts CVE-2015-2464 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft .NET...
Microsoft Windows DLL Loading CVE-2015-0096 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Avaya CallPilot...
Adobe Reader and Acrobat CVE-2014-8451 Information Disclosure Vulnerability
Description Adobe Reader and Acrobat are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Adobe Acrobat 10.0 Adobe Acrobat 10.0.1 Adobe Acrobat 10.0.2 Adobe Acrobat...
Microsoft Excel CVE-2014-6361 Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Excel 2007 SP3 Microsoft...
Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the application; this can result in the attacker gaining complete control of the affected system. Technologies Affecte...
PHP CVE-2019-11044 Multiple Unspecified Security Vulnerabilities
Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.25, 7.3.0 through 7.3.12 and 7.4.0 are...
Samba CVE-2019-14870 Remote Security Bypass Vulnerability
Description Samba is prone to a security-bypass vulnerability. Successful exploit may allow attackers to bypass certain security restrictions and gain unauthorized access to resources. Samba 4.x versions prior to 4.11.3, 4.10.11 and 4.9.17 are vulnerable. Technologies Affected Samba Samba 4.0.0...
Multiple Cisco Products CVE-2019-15992 Remote Code Execution Vulnerability
Description Multiple Cisco Products are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. This issue is being tracked by Cisco Bug IDs CSCvr85295 and CSCvr96680 . Technologies...
Multiple Intel Products CVE-2019-0155 Local Privilege Escalation Vulnerability
Description Multiple Intel Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information, cause memory corruption or denial-of-service conditions. Technologies Affected Intel 6th generation Core...
PHP CVE-2019-11050 Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service condition. PHP versions prior to 7.4.1 are vulnerable. Technologies Affected PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP...
SAP Customer Relationship Management CVE-2019-0368 Cross Site Scripting Vulnerability
Description SAP Customer Relationship Management CRM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Microsoft Open Enclave SDK CVE-2019-1369 Information Disclosure Vulnerability
Description Microsoft Open Enclave SDK is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Open Enclave SDK Recommendations Run all software as a nonprivileged user...
Microsoft .NET Framework CVE-2019-1083 Denial of Service Vulnerability
Description Microsoft .NET Framework is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET...
Microsoft Word CVE-2019-1034 Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft .NET CVE-2019-0864 Denial of Service Vulnerability
Description Microsoft .NET is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. Technologies Affected Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1...
Microsoft Internet Explorer CVE-2019-0768 Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Internet Explorer 11 is vulnerable. Technologies...
Microsoft Windows CVE-2017-0055 Cross Site Scripting Vulnerability
Description Microsoft Windows is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Multiple Intel Processors Side Channel CVE-2019-11135 Information Disclosure Vulnerability
Description Multiple Intel Processors are prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2...
Mozilla Firefox ESR CVE-2019-11758 Memory Corruption Vulnerability
Description Mozilla Firefox ESR is prone to a memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Successful exploits will compromise the application and possibly the underlying system. This issue is fixed in:...
Microsoft Windows Imaging API CVE-2019-1311 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows CVE-2019-1346 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows DHCP Server CVE-2019-0725 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the system account. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft Windows...
Microsoft Windows JET Database Engine CVE-2019-0895 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
SA100 : Apache Tomcat Vulnerabilities
SUMMARY Blue Coat products using affected versions of Tomcat 8.x, 7.x, and 6.x are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to gain unauthorized read access or escalated privileges, or to conduct denial of service, HTTP request smuggling, or...
Microsoft Office CVE-2015-2377 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Linux Kernel CVE-2019-19332 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11 Linux kernel...
SAP BusinessObjects Business Intelligence CVE-2019-0398 Cross Site Request Forgery Vulnerability
Description SAP BusinessObjects Business Intelligence Platform is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain...
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues may cause excessive memory consumption, resulting in denial-of-service conditions. Versions prior to Linux kernel 5.3.8 are vulnerable. Technologies Affected Linux kernel 2.6.0...
Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Exchange Server CVE-2019-1084 Information Disclosure Vulnerability
Description Microsoft Exchange Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 Cumulative...
Microsoft Internet Explorer Scripting Engine CVE-2019-1004 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...
Microsoft Office SharePoint CVE-2019-1134 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft Edge Chakra Scripting Engine CVE-2019-1002 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows SMB Server CVE-2019-0821 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Skype for Android CVE-2019-0622 Local Privilege Escalation Vulnerability
Description Microsoft Skype for Android is prone to a local privilege-escalation vulnerability. An attacker with physical access can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Skype for Android 8.35 Recommendations Permit local access for trusted individuals...
Microsoft PowerPoint CVE-2018-8628 Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows NetBIOS CVE-2017-0174 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...