6867 matches found
Microsoft Windows Kernel 'Win32k.sys' CVE-2015-2363 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0....
Microsoft Internet Explorer CVE-2015-1754 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows Text Services CVE-2015-0081 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya CallPilot 4.0 Avaya...
Microsoft Internet Explorer CVE-2014-2824 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft Windows Kernel 'Win32k.sys' CVE-2014-1819 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and gain access to kernel memory. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Conferencing...
Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an ASP.NET server to become unresponsive, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Microsoft Excel CVE-2013-3159 XML Files Handling Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Excel 2003 SP3 Microsoft Excel 2007 SP3 Microsoft Excel 2010 SP1 32-bit editions...
Oracle Java SE CVE-2013-2460 Remote Java Runtime Environment Vulnerability
Description Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. An attacker can exploit this issue to bypass sandbox restrictions and execute arbitrary code in the context of the application. This vulnerability affects the following supported versions: 7 Update 21...
Microsoft SharePoint CVE-2012-1861 HTML Injection Vulnerability
Description Microsoft SharePoint is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication...
Microsoft Excel Memory Corruption CVE-2012-0143 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-2011) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
Description Microsoft Exchange Server is prone to a remote code-execution vulnerability. Remote attackers may exploit this issue by sending maliciously constructed TNEF-encoded email data to vulnerable servers. This issue will be triggered when a user views or previews the malicious email...
Oracle iLearning CVE-2020-2709 Remote Security Vulnerability
Description Oracle iLearning is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Learner Pages' component is affected. This vulnerability affects the following supported versions: 6.1 Technologies Affected Oracle iLearning 6.1...
Microsoft Excel CVE-2020-0653 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows Search Indexer CVE-2020-0632 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Fortinet FortiSIEM CVE-2019-16153 Hardcoded Credentials Vulnerability
Description Fortinet FortiSIEM is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to Fortinet FortiSIEM 5.2.6 are vulnerable. Technologies Affected Fortinet...
Multiple VMware Products CVE-2019-5539 DLL Loading Local Privilege Escalation Vulnerability
Description Multiple VMware products are prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to gain administrator privileges on the machine. The following VMware products are affected: Workstation version 15.x is vulnerable Horizon View Agent version 7.x...
Microsoft Windows Kernel CVE-2019-1474 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Adobe ColdFusion CVE-2019-8256 Remote Privilege Escalation Vulnerability
Description Adobe ColdFusion is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Adobe ColdFusion 10 Adobe ColdFusion 10 Update 1 Adobe ColdFusion 10 Update 1...
Linux kernel CVE-2019-19318 Use After Free Local Denial of Service Vulnerability
Description Linux kernel is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the system, denying service to legitimate users. Linux kernel version 5.3.11 is vulnerable. Technologies Affected Linux kernel 5.3.11 Recommendations Permit local access for...
Cisco Small Business RV Series Routers CVE-2019-15990 Information Disclosure Vulnerability
Description Cisco Small Business RV Series Routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq76840. Technologies Affected Cisco RV016...
SAP Diagnostics Agent CVE-2019-0390 Information Disclosure Vulnerability
Description SAP Diagnostics Agent is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. SAP Diagnostic Agent LM-Service version 7.20 is vulnerable; other versions may also be...
Cisco Wireless LAN Controller CVE-2019-15276 Denial of Service Vulnerability
Description Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a restart to the device, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp92098. Technologies Affected Cisco Wireles...
Xen CVE-2019-18425 Privilege Escalation Vulnerability
Description Xen is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citr...
Oracle MySQL Server CVE-2019-2948 Remote Security Vulnerability
Description Oracle MySQL Server is prone to a remote security vulnerability in 'Server: Optimizer' component. The vulnerability can be exploited over the 'MySQL' protocol. This vulnerability affects the following supported versions: 5.7.26 and prior, 8.0.16 and prior Technologies Affected Oracle...
Oracle Java SE/Java SE Embedded CVE-2019-2981 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'JAXP' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java S...
Microsoft Edge Chakra Scripting Engine CVE-2019-1308 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
Description Linux Kernel is prone to multiple denial-of-service vulnerabilities. Successful exploitation of these issues may cause excessive memory consumption, resulting in denial-of-service conditions. Linux kernel versions through 5.3.11 are vulnerable. Technologies Affected Linux kernel 2.6.0...
Microsoft Windows Win32k CVE-2019-1256 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows DHCP Client CVE-2019-0736 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affecte...
Microsoft Windows Remote Desktop Protocol CVE-2019-1223 Denial of Service Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems...
Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
Description Microsoft Azure DevOps Server and Team Foundation Server are prone to an remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the DevOps or TFS service account. Failed exploit attempts will likely result in denial of...
Microsoft Windows 'DirectWrite' API CVE-2019-1097 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Internet Explorer and Edge Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Linux Kernel CVE-2019-18805 Integer Overflow Vulnerability
Description Linux Kernel is prone to an integer overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Versions prior to Linux kernel...
Microsoft Windows Common Control Library CVE-2019-0765 Remote Code Execution Vulnerability
Description Microsoft Windows Common Control Library 'Comctl32.dll' is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service...
Microsoft Edge Chakra Scripting Engine CVE-2019-0644 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows DirectX Graphics Kernel CVE-2018-8401 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to run processes with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Syste...
Microsoft PowerPoint CVE-2018-8376 Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Apache Axis CVE-2018-8032 Cross-Site Scripting Vulnerability
Description Apache Axis is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the...
Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability
Description Microsoft Wireless Display Adapter is prone to a command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Technologies Affected Microsoft Wireless Displ...
SA160: Return of the Bleichenbacher Oracle Threat (ROBOT)
SUMMARY Symantec Network Protection products using affected SSL/TLS server implementations and RSA key exchange are susceptible to a variation of the Bleichenbacher adaptive chosen ciphertext attack. A remote attacker, who has captured a pre-recorded encrypted SSL session to the target, can...
Microsoft InfoPath CVE-2018-8173 Remote Code Execution Vulnerability
Description Microsoft InfoPath is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microso...
Microsoft Excel CVE-2018-1029 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows Kernel CVE-2018-0757 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
SA155: Multiple ASG and ProxySG Vulnerabilities
SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to multiple vulnerabilities. A remote attacker can, under certain circumstances, obtain sensitive authentication credential information, redirect target users to malicious sites, and inject arbitrary JavaScript code into the...
Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...
Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Office CVE-2017-11876 Cross Site Request Forgery Vulnerability
Description Microsoft Office is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. Technologies Affected Microsoft Project Serve...
Microsoft Windows Search CVE-2017-11788 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microso...