6867 matches found
Cisco Security Manager CVE-2019-12630 Java Deserialization Command Execution Vulnerability
Description Cisco Security Manager is prone to a command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. This issue is tracked by Cisco Bug ID...
Cisco Firepower Management Center Multiple Remote Code Execution Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code on the affected system. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvf87540 and...
Linux Kernel CVE-2019-18680 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel versions 4.4.x prior to 4.4.195 are vulnerable. Technologies Affected Linux kernel 4.4.0-57 Linux kernel 4.4.1 Linux kernel 4.4.105 Linux...
Microsoft Windows Common Log File System CVE-2019-1214 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
Description Apache Commons Beanutils is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Commons Beanutils 1.9.2, and 1.9.3 are vulnerable. Technologies Affected...
Microsoft Windows DirectX CVE-2019-0999 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Microsoft Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Description Microsoft Azure DevOps Server and Team Foundation Server are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Azure DevOps Server 2019 Microsoft...
Microsoft Windows Task Scheduler CVE-2019-0838 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...
Microsoft Open Enclave SDK CVE-2019-0876 Information Disclosure Vulnerability
Description Microsoft Open Enclave SDK is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Open Enclave SDK Recommendations Run all software as a nonprivileged user...
Microsoft Edge Chakra Scripting Engine CVE-2019-0640 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows Hyper-V CVE-2018-8439 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the host operating system. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Hyper-V...
Microsoft Windows CLFS CVE-2018-0844 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete contro...
Microsoft Windows CVE-2018-0828 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
SA153: NSS Vulnerabilities Apr-May 2017
SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to two security vulnerabilities. A remote attacker can send empty SSLv2 messages and cause denial of service through application crashes. An attacker can also have unspecified impact by exploiting a...
Microsoft Exchange Server CVE-2017-8621 Open Redirection Vulnerability
Description Microsoft .NET Framework is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may ...
Microsoft Office CVE-2017-8508 Security Bypass Vulnerability
Description Microsoft Office is prone to a security bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application; this may aid in launching further attacks. Technologies Affected...
Microsoft Edge CVE-2017-0234 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0058 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. Successful exploits may lead to other attacks. Technologies Affect...
Microsoft Windows Graphics Component CVE-2017-0073 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Live Meeting 2007 Add-in Microsoft Live Meeting 2007 Console Microsoft Lync...
Microsoft Internet Explorer and Edge CVE-2016-7279 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currentl...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3266 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Windows Library Loading CVE-2015-6133 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...
Microsoft Windows Kernel CVE-2015-6175 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...
Microsoft Internet Explorer CVE-2015-1625 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Adobe Flash Player CVE-2015-0313 Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Microsoft Windows CVE-2014-6322 Remote Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1...
Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
Description Adobe Flash Player and AIR are prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling
SUMMARY Symantecs Encryption Desktop for OS X installs some temporary files with world-writable attributes during installation. In a multi-user environment, a malicious user could manipulate these world-writable files to read and write files or create files with another users permissions. AFFECTE...
Microsoft Windows TrueType Font CMAP Table CVE-2013-3894 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in the kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Avaya Aura Conferencing Standard Avaya CallPilot...
Microsoft Windows CVE-2013-3175 Remote Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0.1 Avaya...
Multi-Vendor Autonomy Verity Keyview Filter Multiple Issues
SUMMARY Multiple sources have identified several security issues in Autonomys Verity Keyview Content Filter libraries. Symantec has updated the Keyview modules being shipped with Symantec products to address these issues. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|---...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1880) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Microsoft Hyper-V VMBus 'vmswitch.sys' Denial of Service Vulnerability
Description Microsoft Hyper-V is prone to a local denial-of-service vulnerability. Using a guest system, a local attacker can exploit this issue to force the Hyper-V server to become unresponsive, denying service to legitimate users. The denial-of-service conditions would also affect other guest...
Multiple Microsoft IIS Vulnerabilities
Description Microsoft Internet Information Services IIS is prone to multiple vulnerabilities. The first vulnerability may allow an attacker to obtain elevated privileges. This vulnerability can be exploited by an attacker to load and execute applications on the vulnerable server with SYSTEM level...
Oracle Database Server CVE-2020-2518 Remote Security Vulnerability
Description Oracle Database Server is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. The 'Java VM' component is affected. This vulnerability affects the following supported versions: 11.2.0.4, 18c and 19c. Technologies Affected Oracle Databas...
Oracle Siebel CRM CVE-2020-2559 Remote Security Vulnerability
Description Oracle Siebel CRM is prone to a remote security vulnerability. This vulnerability affects the 'UIF Open UI' component and can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 19.7 and prior Technologies Affected Oracle Siebel UI...
Cisco Finesse CVE-2019-15278 Cross Site Scripting Vulnerability
Description Cisco Finesse is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
WordPress CVE-2019-20042 HTML Injection Vulnerability
Description WordPress is prone to an HTML injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is...
Microsoft SharePoint Server CVE-2019-1491 Information Disclosure Vulnerability
Description Microsoft SharePoint Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 SP2...
Apple iOS and iPadOS CVE-2019-8857 Security Bypass Vulnerability
Description Apple iOS and iPadOS are prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This issue is fixed in Apple iPadOS 13.3 and iOS 13.3. Technologies Affected Apple Ipad Mini- Apple iOS 10 Apple iOS...
Reliable Controls LicenseManager CVE-2019-18245 Local Code Execution Vulnerability
Description Reliable Controls LicenseManager is prone to a local code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Reliable Controls...
Multiple F5 BIG-IP Products CVE-2019-6671 Memory Leak Denial of Service Vulnerability
Description Multiple F5 BIG-IP Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Technologies Affected F5 BIG-IP AAM 13.1.0 F5 BIG-IP AAM 13.1.3 F5 BIG-IP AAM 14.0.0 F5 BIG-IP AAM 14.0.1 F5 BIG-IP AAM 14.1.0 F5 BIG-IP...
Linux Kernel Multiple Heap Buffer Overflow Vulnerabilities
Description Linux Kernel is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit these issues to execute arbitrary code within the context of the...
Symantec Endpoint Protection CVE-2019-18372 Local Privilege Escalation Vulnerability
Description Symantec Endpoint Protection is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Symantec Endpoint Protection SEP versions prior to 14.2 RU2 are vulnerable. Technologies Affected Symantec Endpoint Protection 11...
Oracle Java SE/Java SE Embedded CVE-2019-2945 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'Networking' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13;...
Ghidra CVE-2019-16941 Arbitrary Code Execution Vulnerability
Description Ghidra is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Ghidra versions through 9.0.4 are vulnerable. Technologies Affected NSA Ghidra 9.0 NSA Ghidra 9.0.1 NSA Ghidra 9.0...
Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks may cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Oracle Communications Billing and Revenue Management CVE-2019-12086 Remote Security Vulnerability
Description Oracle Communications Billing and Revenue Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Billing Care' and 'Business Operations Center jackson-databind' components are affected. This vulnerability affects the...
Microsoft Excel CVE-2019-1112 Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft...
OnApp CVE-2019-12491 Command Execution Vulnerability
Description OnApp is prone to a remote command-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected server. OnApp versions 5.0 prior to 5.0.0-88, 5.1 through 5.4, 5.5 prior to 5.5.0-93,...