6867 matches found
SA134 : Linux Kernel Vulnerabilities Oct/Nov 2016
SUMMARY Blue Coat products that include a vulnerable version of the Linux kernel are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to cause denial of service through system crashes or have unspecified other...
Microsoft Office CVE-2016-7235 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
SA114 : GNU C Library (glibc) Remote Code Execution February 2016
SUMMARY Blue Coat products using an affected version of the GNU C Library glibc are susceptible to a remote execution attack. A remote attacker can send a crafted DNS response to the glibc DNS resolver and cause the resolver to crash or execute arbitrary code. AFFECTED PRODUCTS The following...
Microsoft .NET Framework Model View Controller CVE-2015-2526 Remote Denial of Service Vulnerability
Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to degrade the performance of a .NET-enabled website, causing a denial of service condition. Technologies Affected Avaya Meeting Exchange - Client Registration Server 6.0...
Microsoft Internet Explorer CVE-2014-6349 Remote Privilege Escalation Vulnerability
Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Internet Explorer 10 and 11 are vulnerable. Technologies Affected Avaya Aura Conferencin...
Microsoft Windows CVE-2020-0644 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Google Chrome CVE-2019-13767 Use After Free Vulnerability
Description Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser, or cause denial-of-service conditions. Versions prior to Chrome 79.0.3945.88 are vulnerable. Technologies Affected Google Chrome 0.1.38.1...
Multiple Cisco Products CVE-2019-15958 Remote Code Execution Vulnerability
Description Multiple Cisco Products are prone to an remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. This issue is being tracked by Cisco Bug IDs CSCvp79419, CSCvp79611 . Technologies...
Oracle MICROS Relate CRM Software CVE-2019-2896 Remote Security Vulnerability
Description Oracle MICROS Relate CRM Software is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Internal Operations' component is affected. This vulnerability affects the following supported versions: 7.1.0, 15.0.0, 16.0.0, 17.0.0 and...
Adobe Experience Manager Forms CVE-2019-8089 Cross Site Scripting Vulnerability
Description Adobe Experience Manager Forms is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit...
Linux Kernel CVE-2019-17351 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue cause a denial-of-service condition or possibly have other unspecified impact. Linux kernel prior to 5.2.3 are vulnerable. Technologies Affected Linux kernel 2.4.17 Linux kernel...
Microsoft Office SharePoint CVE-2019-1262 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Linux Kernel Vulnerabilities May-June 2019
SUMMARY Symantec Network Protection products using affected versions of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker can cause denial of service through resource exhaustion and memory corruption. A local attacker can escalate their privileges on the system...
Microsoft Windows DirectX CVE-2019-1018 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windo...
Microsoft Edge Chakra Scripting Engine CVE-2019-0937 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows GDI Component CVE-2019-0758 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows Hyper-V CVE-2019-0886 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microso...
OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
Description OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. OpenSSL 1.0.2 through 1.0.2q are vulnerable. Technologies Affected Bluecoat BCAAA 6.1 Bluecoat Mail Threat Defense 1...
Microsoft Team Foundation Server CVE-2019-0742 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to insert and display spoofed content and to execute arbitrary script code in the browser of an unsuspecting...
Microsoft Windows Kernel CVE-2019-0569 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Kernel CVE-2018-8336 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability
Description Apache CXF is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. The following versions of product are vulnerable: Apache CXF 3.1.16...
Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability
Description Microsoft .NET is prone to denial-of-service vulnerability. Successful exploits will attackers to cause a denial of service condition. Technologies Affected Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft...
Microsoft Excel CVE-2018-1026 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
Description Apache POI is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to cause a denial-of-service condition, denying service to legitimate users. Versions prior to POI 3.17 are vulnerable. Technologies Affected Apache POI 0.1 Apache POI 0.10.0 Apache...
Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability
Description Microsoft ASP.NET Core is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft ASP.NET Microsoft ASP.NET Core 2.0 Microsoft Windows 10 version 1703 for 32-bit Systems Recommendations Block...
Microsoft Windows Kernel CVE-2017-8564 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...
Microsoft Office CVE-2017-8506 DLL Loading Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Windows CVE-2016-3236 WPAD Remote Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based...
Microsoft Windows Server Message Block CVE-2016-3225 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft...
Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege
SUMMARY Symantec Endpoint Encryption SEE has an unquoted search path in EEDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path. AFFECTED PRODUCTS Symantec Endpoint Encryption --- CVE | Affected Versions | Remediation...
Microsoft Office Web Apps CVE-2014-1813 Remote Code Execution Vulnerability
Description Microsoft Office Web Apps is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the W3WP service account user. Technologies Affected Microsoft Office Web Apps 2010 SP1 Microsoft Office Web Apps 2010 SP2...
Microsoft .NET Framework CVE-2013-3171 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the TCP/IP stack component 'tcpip.sys'. An attacker can exploit this issue to gain elevated privileges by executing arbitrary code in the context of another process. Failed exploit attempts may cause...
Adobe Flash Player CVE-2011-0609 'SWF' File Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...
Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
Description The Microsoft Visual Studio ActiveX control, MaskedEdit, is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application...
Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass
SUMMARY Two vulnerabilities have been identified in the Symantec Decomposer component used to decompose some types of archive content while scanning for malicious content. Risk Impact High Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No...
Privilege Escalation and Information Disclosure Vulnerabilities in SMG
Summary Symantec Messaging Gateway SMG is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwi...
Microsoft Windows Cryptographic Services CVE-2020-0620 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Oracle Solaris CVE-2020-2696 Local Security Vulnerability
Description Oracle Solaris is prone to a local security vulnerability. This issue affects the 'Common Desktop Environment' component. This vulnerability affects the following supported version: 10 Technologies Affected Oracle Solaris 10 Recommendations Permit local access for trusted individuals...
Oracle Java SE CVE-2020-2655 Remote Security Vulnerability
Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over 'HTTPS' protocol. This issue affects the 'JSSE' component. This vulnerability affects the following supported versions: Java SE: 11.0.5, 13.0.1 Technologies Affected Oracle JDKLinux...
Microsoft Exchange Server '/Autodiscover' Server Side Request Forgery Security Bypass Vulnerability
Description Microsoft Exchange Server is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Microsoft Exchange Server 2013 Cumulative Update 22 and prior versions are...
CZ.NIC Knot Resolver CVE-2019-19331 Denial of Service Vulnerability
Description CZ.NIC Knot Resolver is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service condition. Knot Resolver versions prior to 4.3.0 are vulnerable. Technologies Affected CZ.NIC labs Knot Resolver 2.0.0 CZ.NIC labs Knot Resolver 2.1.0...
Infinispan CVE-2019-10174 Privilege Escalation Vulnerability
Description Infinispan is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges and perform unauthorized actions on an affected system. Technologies Affected Redhat Enterprise Application Platform Continuous Delivery Redhat JBoss Data...
SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability
Description SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks. Technologies Affected SAP SAPUI5 SAP UI 7.5 SAP UI 7.51 SAP UI 7.52 SAP UI 7.53 SAP UI 7.54 Recommendatio...
Microsoft Windows OpenType Fonts CVE-2019-1456 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Window...
Microsoft Windows Setup CVE-2019-1316 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Cisco Firepower Management Center Multiple SQL Injection Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data or...
Python CVE-2019-16935 CRLF Multiple Cross Site Scripting Vulnerabilities
Description Python is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Multiple D-Link Products CVE-2019-16920 Remote Command Injection Vulnerability
Description Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...