6867 matches found
Microsoft Windows Defender Firewall CVE-2019-0637 Local Security Bypass Vulnerability
Description Microsoft Windows is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based...
Microsoft SQL Server CVE-2015-1763 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the affected system. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Avaya Meeting Exchange -...
Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft SharePoint CVE-2012-1862 URI Redirection Vulnerability
Description Microsoft SharePoint is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link,...
Microsoft Windows Search CVE-2017-8543 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a security-bypass vulnerability. An attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. This issue is fixed in: Firefox 67.0. Firefox ESR 60.7.2 Technologies Affected Mozilla Firefox 0....
Microsoft Windows SMB Server CVE-2017-0148 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Apple watchOS/iOS/iPadOS/tvOS/Safari CVE-2019-8844 Multiple Memory Corruption Vulnerabilities
Description Apple watchOS, iOS, iPadOS, tvOS and Safari are prone to multiple memory corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Technologies Affected Apple Ipad Mini- Apple Safari 1.1.0 Appl...
Microsoft Office CVE-2017-0261 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Word CVE-2018-8504 Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows PowerShell CVE-2017-8565 Remote Code Execution Vulnerability
Description Microsoft Windows PowerShell is prone to a remote code-execution vulnerability. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions...
Microsoft ASP.NET Core CVE-2020-0603 Remote Code Execution Vulnerability
Description Microsoft ASP.NET Core is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows RPC Downgrade CVE-2016-0128 Man in the Middle Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to gain elevated privileges and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Technologies Affected Microsoft...
Microsoft SharePoint Server CVE-2019-0670 Spoofing Vulnerability
Description Microsoft SharePoint Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...
Microsoft SQL Server CVE-2016-7250 Privilege Escalation Vulnerability
Description Microsoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft SQL Server 2014 for 32-bit Systems Service Pack 1 Microsoft SQL Server 2014 for 32-bit Systems Service Pack 2 Microsof...
Microsoft Windows Codecs Library CVE-2018-8506 Information Disclosure Vulnerability
Description Microsoft Windows Codecs Library is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows...
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
Description JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Microsoft Windows Print Spooler CVE-2016-3238 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft Windows...
Oracle October 2019 Critical Patch Update Multiple Vulnerabilities
Description Oracle has released an advance notification regarding the October 2019 Critical Patch Update (CPU) to be released on October 15, 2019. The update addresses 240 vulnerabilities affecting the following software: Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Oracl...
Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code and gain elevated privileges in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions...
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Recommendations Permit local access for trusted individuals only. Wher...
Microsoft Windows Hyper-V CVE-2019-0722 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the host operating system. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Hyper-V...
Microsoft Windows 'HTTP.sys' CVE-2019-9513 Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems...
FasterXML Jackson CVE-2019-10172 Multiple XML External Entity Injection Vulnerabilities
Description FasterXML Jackson is prone to multiple XML External Entity injection vulnerabilities. Attackers can exploit these issues to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks. Technologies Affected FasterXML Jackson...
Microsoft Windows OLE CVE-2017-8487 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Django CVE-2019-19844 Security Bypass Vulnerability
Description Django is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Djangoproject Django 1.11 Djangoproject Django 1.11.1 Djangoproject...
Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing a victim to open a malicious PNG file. Successfully exploiting this issu...
Microsoft Office CVE-2017-0262 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability
Description Oracle WebLogic Server is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. Failed exploit attempts may result in a denial-of-service condition. Oracle WebLogic Server...
Microsoft Windows SMB Server CVE-2017-0277 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Windows SMB Server CVE-2017-0267 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Eclipse Jetty CVE-2017-7656 Security Vulnerability
Description Eclipse Jetty is prone to a security vulnerability. An attacker can exploit this issue to conduct an HTTP request smuggling attack and perform unauthorized actions. This may lead to further attacks. Technologies Affected Eclipse Jetty 9.2.0 Eclipse Jetty 9.3.0 Eclipse Jetty 9.4.0 HP...
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected ARM Cortex A15 ARM Cortex A57 ARM Cortex A72 IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 IBM Aix...
Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting
SUMMARY The web console in the Symantec Endpoint Protection Manager 11.0 RU6 and maintenance packs based on RU6 are vulnerable to instances of cross-site scripting and cross-site request forgery that could lead to arbitrary code execution. AFFECTED PRODUCTS Product | Version | Build | Solutions...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0263 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Android-gif-drawable CVE-2019-11932 Double Free Remote Code Execution Vulnerability
Description Android-gif-drawable is prone to a remote code execution vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the device. Failed attacks will cause denial-of-service conditions. Technologies Affected Google Android 8.1 Google Android 9.0 Karol...
Microsoft Windows NetBIOS CVE-2017-0161 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Versi...
Mozilla Firefox and Firefox ESR CVE-2019-17026 Type Confusion Remote Code Execution Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Technologies Affected Mozilla Firefox 0.1 Mozilla Firefox 0.10.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0...
Microsoft Windows MS XML CVE-2018-8494 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Versi...
Apache Tomcat CVE-2018-11784 Open Redirection Vulnerability
Description Apache Tomcat is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirect...
Microsoft Office SharePoint CVE-2019-1031 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft NuGet Package Manager CVE-2019-0757 Tampering Security Bypass Vulnerability
Description Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft .NET Core 1.0 Microsoft .NET Core 1.1 Microsoft .NET Core 2.1 Microsoft .NET Core S...
Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
Description Microsoft PowerPoint is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code in the context of the affected application; this may aid in launching further attacks. Technologies Affected Microso...
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
SUMMARY Symantec Network Protection products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived encrypted connection...
Microsoft Windows Remote Desktop Client CVE-2020-0611 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Multiple Citrix Products CVE-2019-19781 Remote Code Execution Vulnerability
Description Multiple Citrix Products are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. Technologies Affected Citrix NetScaler Gateway 10.5 Citrix NetScaler Gateway 11.1 Citri...
Microsoft Windows UPnP Service CVE-2019-1405 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Microsoft Exchange Server CVE-2019-0686 Remote Privilege Escalation Vulnerability
Description Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Server 2010 SP3 Update Rollup 26 Microsoft Exchange Server 2013 Cumulative Update 22 Microsoft...
Microsoft Windows DNSAPI CVE-2017-11779 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Versi...