6867 matches found
Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks may cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Oracle Communications Billing and Revenue Management CVE-2019-12086 Remote Security Vulnerability
Description Oracle Communications Billing and Revenue Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Billing Care' and 'Business Operations Center jackson-databind' components are affected. This vulnerability affects the...
Microsoft Excel CVE-2019-1112 Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft...
Microsoft Windows WLAN Service CVE-2019-1085 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...
OnApp CVE-2019-12491 Command Execution Vulnerability
Description OnApp is prone to a remote command-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected server. OnApp versions 5.0 prior to 5.0.0-88, 5.1 through 5.4, 5.5 prior to 5.5.0-93,...
Microsoft Windows JET Database Engine CVE-2019-0898 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Win32k CVE-2019-0776 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Edge Chakra Scripting Engine CVE-2019-0590 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Excel CVE-2018-8627 Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Excel 2010 SP2 32-bit editions Microsoft Excel 2010 SP2 64-bit editions Microsoft Exce...
Microsoft Windows Image File Loading CVE-2018-8475 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows ...
Microsoft Jet Database Engine CVE-2018-8392 Buffer Overflow Vulnerability
Description Microsoft Jet Database Engine is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of an affect...
SA162: Multiple ASG and ProxySG Vulnerabilities
SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...
Microsoft Windows StructuredQuery CVE-2018-0825 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version...
Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Word CVE-2017-11854 Memory Corruption Vulnerability
Description Microsoft Word is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Excel 2007 SP3 Microsoft...
Microsoft Office CVE-2017-11884 Memory Corruption Vulnerability
Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft Exc...
Microsoft Windows CVE-2017-11783 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges in the context of the affected system. Successful exploit would allow an attacker to take control over an affected syste...
Microsoft Internet Explorer and Edge CVE-2017-8736 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 11 Recommendations Run...
Microsoft Windows PDF CVE-2017-0293 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...
Microsoft .NET Framework CVE-2017-0248 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET...
Microsoft Windows ADFS CVE-2017-0159 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703...
Microsoft Windows Hyper-V CVE-2017-0183 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
Microsoft Windows Hyper-V CVE-2017-0075 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Window...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0079 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0167 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
Microsoft SharePoint CVE-2016-0039 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows Kernel CVE-2016-0040 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
Microsoft Internet Explorer and Edge CVE-2015-2485 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently...
Microsoft Windows Mount Manager CVE-2015-1769 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges within the context of the affected system. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based...
Microsoft SQL Server CVE-2015-1761 Privilege Escalation Vulnerability
Description Microsoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Avaya Meeting Exchange - Client Registration Server 5.0 Avaya Meeting Exchange - Client Registration Server 5.0.1 Avaya Meeting...
Microsoft Internet Explorer CVE-2014-6366 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2014-6327 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user...
Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
SUMMARY The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection. AFFECTED PRODUCTS Product | Version |...
Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege
SUMMARY The Management Console in Symantec Endpoint Protection does not properly validate user authentication, which could potentially allow a user to assume another users identity and privileges on the console. Symantec Endpoint Protection clients do not sufficiently restrict custom policies,...
Oracle Java SE CVE-2013-2470 Memory Corruption Vulnerability
Description Oracle Java SE is prone to a memory-corruption vulnerability in Java Runtime Environment. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions...
Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Little information is available for this issue. We will...
Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...
Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability
Description Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted Enhanced Metafile EMF image file. An attacker can exploit this issue to execute arbitrary code with the privileges of the...
Microsoft PowerPoint (CVE-2010-2573) Heap Corruption Vulnerability
Description Microsoft PowerPoint is prone to a remote heap-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with user-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result in a denial-of-service...
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to properly handle 'LNK' files or 'PIF' files. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim to view a specially crafte...
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft Windows Search Indexer CVE-2020-0631 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Symantec Critical System Protection CVE-2019-18374 Unspecified Authentication Bypass Vulnerability
Description Symantec Critical System Protection is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Symantec Critical System Protection CSP...
Linux Kernel CVE-2019-14898 Incomplete Fix Local Race Condition Vulnerability
Description The Linux Kernel is prone to a local race-condition vulnerability. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition. This may lead to other attacks. Technologies Affected Linux kernel 2.6.38 Linux kernel 2.6.38.2 Linux kernel...
Cisco Small Business RV Series Routers CVE-2019-15957 Remote Command Injection Vulnerability
Description Cisco Small Business RV Series Routers are prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug IDs...
Cisco Expressway Series and Telepresence VCS CVE-2019-12705 Cross Site Scripting Vulnerability
Description Cisco Expressway Series and Telepresence Video Communication Server VCS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
Oracle Java SE/Java SE Embedded CVE-2019-2973 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'JAXP' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java S...
Microsoft Windows JET Database Engine CVE-2019-1358 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Multiple Cisco Unified Communications Products Cross Site Request Forgery Vulnerability
Description Multiple Cisco Unified Communications Products are prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the...