6867 matches found
Microsoft Windows PDF CVE-2017-0293 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...
Symantec Messaging Gateway Multiple Vulnerabilities
SUMMARY Symantec has released an update to address three issues that were discovered in the Symantec Messaging Gateway SMG. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2017-6326 CVE-2017-6324 CVE-2017-6325 | Prior to 10.6.3 | Upgrade to 10.6.3 an...
Microsoft Outlook CVE-2017-8507 Memory Corruption Vulnerability
Description Microsoft Outlook is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft SharePoint CVE-2017-0255 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows CVE-2017-0191 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Office CVE-2017-0105 Information Disclosure Vulnerability
Description Microsoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit edition SP2 Microsoft...
Microsoft Office CVE-2017-0019 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows Kernel CVE-2017-0103 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R...
Microsoft Windows Input Method Editor CVE-2016-7221 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated system privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Microsoft Windows Kernel CVE-2016-3371 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0167 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
SA113 : January 2016 NTP Security Vulnerabilities
SUMMARY Blue Coat products using affected versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to set the victim's system time to an arbitrary value or cause it to become out of sync. The attacker c...
Microsoft Windows Kernel CVE-2016-0040 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
Microsoft Windows Kernel CVE-2015-6175 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...
Microsoft Windows CVE-2015-6131 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Window...
Microsoft Office CVE-2015-6094 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft VBScript and JScript CVE-2015-6052 ASLR Security Bypass Vulnerability
Description Microsoft VBScript and JScript are prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Microsoft Internet Explorer...
Microsoft Internet Explorer and Edge CVE-2015-2485 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently...
Microsoft Windows OpenType Fonts CVE-2015-2458 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Window...
Microsoft Windows Mount Manager CVE-2015-1769 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges within the context of the affected system. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based...
Microsoft Windows Kernel 'Win32k.sys' CVE-2015-2382 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to disclose kernel memory and obtain sensitive information that may aid in further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5...
Microsoft SQL Server CVE-2015-1761 Privilege Escalation Vulnerability
Description Microsoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Avaya Meeting Exchange - Client Registration Server 5.0 Avaya Meeting Exchange - Client Registration Server 5.0.1 Avaya Meeting...
Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory-corruption vulnerability because of a use-after-free error. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a...
Microsoft Windows CVE-2015-1643 Remote Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain admin privileges on a targeted system. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0.1 Avaya CallPilot 5.1.0...
Microsoft Internet Explorer CVE-2015-1625 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Word CVE-2015-0064 Memory Corruption Vulnerability
Description Microsoft Word is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Office 2010 Service Pack 2...
Microsoft Internet Explorer CVE-2014-6366 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2014-2810 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
SUMMARY The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection. AFFECTED PRODUCTS Product | Version |...
Oracle Java SE CVE-2013-2470 Memory Corruption Vulnerability
Description Oracle Java SE is prone to a memory-corruption vulnerability in Java Runtime Environment. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions...
IBM Lotus Notes CVE-2013-2977 Integer Overflow Vulnerability
Description IBM Lotus Notes is prone to an integer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected IBM Lotus Notes 8...
Microsoft Windows 'Win32k.sys' CVE-2013-1283 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Conferencing 6.0.0...
Adobe Acrobat And Reader CVE-2013-0641 Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Little information is available for this issue. We will...
Microsoft Remote Desktop Protocol CVE-2012-2526 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code in the context of the affected process. This may facilitate a complete system compromise. Failed attacks may cause denial-of-servi...
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
Description Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. This vulnerability affects the following supported...
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
...
Session Hijacking Vulnerability in ProxySG and ASG
Summary The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Affected Products Advanced Secure...
Symantec Endpoint Protection Multiple Issues
Summary Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, and Symantec Endpoint Protection Small Business Edition SEP SBE products. At this time, Symantec is not aware of any exploitations or...
SAP Disclosure Management CVE-2020-6303 Input Validation Security Vulnerability
Description SAP Disclosure Management is prone to a security vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to obtain sensitive information, access or modify data within the context of the affected application; this may aid in further...
Microsoft Windows Common Log File System CVE-2020-0634 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
OpenBSD CVE-2019-19726 Local Privilege Escalation Vulnerability
Description OpenBSD is prone to a local privilege escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. OpenBSD versions 6.1, 6.2, 6.5 and 6.6 are vulnerable. Other versions may also be affected. Technologies Affected OpenBSD Openbsd 6.1 OpenBSD Openbsd 6....
Google Chrome Prior to 79.0.3945.117 Use After Free Vulnerability
Description Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser, or cause denial-of-service conditions. Versions prior to Chrome 79.0.3945.117 are vulnerable. Technologies Affected Google Chrome 0.1.38....
Symantec Critical System Protection CVE-2019-18374 Unspecified Authentication Bypass Vulnerability
Description Symantec Critical System Protection is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Symantec Critical System Protection CSP...
Microsoft Azure Stack CVE-2019-1234 Spoofing Vulnerability
Description Microsoft Azure Stack is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Azure Stac...
Microsoft Internet Explorer VBScript Engine CVE-2019-1390 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Internet explorer 9, 10, and 11 are...
libarchive CVE-2019-18408 Arbitrary Code Execution Vulnerability
Description libarchive is prone to an arbitrary code-execution vulnerability. Attackers may leverage this issue to execute arbitrary code on the affected system. Failed attacks will cause denial-of-service conditions. Technologies Affected Ubuntu Ubuntu Linux 14.04 ESM Ubuntu Ubuntu Linux 16.04 L...
Broadcom Brocade SANnav CVE-2019-16206 Information Disclosure Vulnerability
Description Broadcom Brocade SANnav is prone to an information disclosure vulnerability Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks or cause a denial-of-service condition. Versions prior to Brocade SANnav 2.0 are...
Cisco Expressway Series and Telepresence VCS CVE-2019-12705 Cross Site Scripting Vulnerability
Description Cisco Expressway Series and Telepresence Video Communication Server VCS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
Oracle Java SE/Java SE Embedded CVE-2019-2973 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'JAXP' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java S...