6867 matches found
Microsoft Edge CVE-2018-8567 Remote Privilege Escalation Vulnerability
Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary, unless external parties require service. Filter...
Microsoft SQL Server CVE-2018-8273 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the context of the SQL Server Database Engine service account. Failed exploit attempts may result in a denial-of-service condition...
Microsoft IIS Request Header Buffer Overflow Vulnerability
Description Microsoft IIS is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects IIS 7.5 on Windows 7...
Microsoft Windows CVE-2013-3900 Remote Code Execution Vulnerability
Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE file. Successful exploits can allow attacke...
SA136 : OpenSSH Vulnerabilities
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...
OpenSSH Vulnerabilities Jan-Oct 2019
Summary Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle MITM attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes...
Microsoft Windows Task Scheduler CVE-2019-1069 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
LibGD CVE-2019-6977 Heap Buffer Overflow Vulnerability
Description LibGD is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. LibGD 2.2.5 is...
Apple Safari APPLE-SA-2019-9-26-9 Multiple security Vulnerabilities
Description Apple Safari is prone to is prone to multiple security vulnerabilities. An attacker may exploit these issues to carry out phishing-style attacks or to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Safari 1.0.0 Apple Safari 1.0.0 Apple Safari...
Microsoft Windows SMB Server CVE-2017-0147 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
SQLite CVE-2019-8457 Out of Bounds Read Heap Buffer Overflow Vulnerability
Description SQLite is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed...
Microsoft Office CVE-2016-7262 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft Exc...
EMC RSA BSAFE Crypto-C Micro and Micro Edition Suite Multiple Security Vulnerabilities
Description EMC RSA BSAFE Crypto-C Micro and Micro Edition Suite are prone to the following security vulnerabilities: 1. Multiple information disclosure vulnerabilities 2. A denial-of-service vulnerability 3. A heap buffer overflow vulnerability An attacker can exploit these issues to gain...
Microsoft SQL Server CVE-2019-1068 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the context of the SQL Server Database Engine service account. Failed exploit attempts may result in a denial-of-service condition...
Microsoft Internet Explorer and Edge CVE-2017-8529 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...
Microsoft Windows .NET Framework CVE-2017-8759 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Outlook Mailto Parameter Quoting Zone Bypass Vulnerability
Description Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This is related to how mailto URIs are handled b...
Microsoft Office Outlook CVE-2017-11774 Security Bypass Vulnerability
Description Microsoft Office Outlook is prone to a security-bypass vulnerability because it fails to properly handle input. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary commands in the context of the affected application; this may aid in...
Microsoft Windows DirectX CVE-2018-8486 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Symantec Security Update
Symantec Endpoint Protection, Data Center Security and Cloud Workload Protection Security Update Summary Symantec - A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection SEP, Data Center...
SA151: ImageMagick RCE Vulnerability (ImageTragick)
SUMMARY Symantec Network Protection products using affected versions of ImageMagick are susceptible to the ImageTragick security vulnerability. A remote attacker can send crafted images and execute arbitrary code on the target. AFFECTED PRODUCTS The following products are vulnerable: Security...
Microsoft Windows Kernel CVE-2018-8330 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft SharePoint CVE-2017-8514 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows NTFS CVE-2018-8411 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to run processes with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Syste...
Microsoft SharePoint Server CVE-2018-8498 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsof...
Microsoft Windows COM CVE-2017-0213 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code within the context of the application. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows Subsystem for Linux CVE-2018-8329 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based...
Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability
Description Apache Log4j is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j versions through 1.2.17 are...
Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Microsoft Internet Explorer CVE-2014-2811 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft Edge Chakra Scripting Engine CVE-2018-8510 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Internet Explorer CVE-2018-8491 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 is are vulnerable...
Microsoft Internet Explorer CVE-2018-8460 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 is vulnerable...
Multiple Cisco Products CVE-2019-12700 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the resource exhaustion and reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCvm92401, CSCvn83385...
Microsoft SharePoint Server CVE-2018-8488 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsof...
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8453 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft ChakraCore Scripting Engine CVE-2018-8500 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore Scripting Engine is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Microsoft Windows SMB Server CVE-2019-0630 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability
Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Description Mozilla Firefox and Firefox ESR are prone to multiple security vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions, obtain sensitive information and bypass certain security restrictions and perform unauthorized actions. This may aid in further...
Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
Description Microsoft Windows is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framewo...
Microsoft Windows Remote Desktop Services CVE-2019-1226 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1803 for...
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
Description GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98...
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Mac Os X 10.11.6 Apple iOS 11.2 Apple macOS 10.12.6 Apple macOS 10.13.2 Apple tvOS...
Microsoft SQL Server CVE-2015-1762 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining...
Microsoft Windows DHCP Server CVE-2019-0626 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the system account. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft Windows ...
CCBill WhereAmI.CGI Remote Arbitrary Command Execution Vulnerability
Description It has been reported that whereami.cgi distributed by CCBill does not properly handle some types of input. Because of this, an attacker may be able to gain access to a system with the privileges of the web server process. Technologies Affected CCBill whereami.cgi Recommendations Block...
Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
Description Microsoft Visual Studio is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Visual Studio 2010 SP1 Microsoft Visual Studio 2012 Update 4 Microsoft Visual...
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source...
Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...