6867 matches found
Microsoft Silverlight CVE-2013-3896 Information Disclosure Vulnerability
Description Microsoft Silverlight is prone to an information-disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow attackers to gain access to potentially sensitive information that may aid in furthe...
Microsoft SharePoint CVE-2013-3180 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Symantec Security Information Manager Console Security Issues
SUMMARY Symantec's Security Information Manager SSIM management console is susceptible to multiple security issues. Successful exploitation could result in potential cookie stealing, session hijacking, unauthorized disclosure of sensitive application information and potential for unauthorized...
Microsoft Internet Explorer Shift JIS Character CVE-2013-0015 Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Internet Explorer 6, 7, 8, and 9 are vulnerable. Technologies Affected Avaya Aura Conferencing 6.0 Avaya...
Microsoft .NET Framework CVE-2013-0001 Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security CAS restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...
Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Microsoft Lync are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Groove Server 2010 Microsoft Groove Server 2010 SP1...
Microsoft PowerPoint CVE-2011-3396 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft PowerPoint is prone to vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link...
Microsoft Windows Kernel '.fon' Font File Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malformed file on a remote network share. Successful exploits can allow attackers to execute arbitrary code with kernel-level...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1883) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1875) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0677) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft PowerPoint 'PP7X32.DLL' (CVE-2010-2572) Remote Heap-Based Buffer Overflow Vulnerability
Description Microsoft PowerPoint is prone to a remote heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. Technologies...
Adobe Flash Player CVE-2010-3648 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This iss...
Adobe Flash Player CVE-2010-2884 Unspecified Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Adobe Flash Player 10.1.82.76...
Adobe Flash Player, Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability
Description Adobe Flash Player, Reader, and Acrobat are prone to a remote code execution vulnerability. Adobe reports that this vulnerability is being exploited in the wild. This vulnerability is present in the following versions: Flash Player 10.0.45.2, 9.0.262, and earlier Flash Player 10.0.x a...
Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability
Description Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment JRE. Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. Versions prior to Java 5.0 Update...
Microsoft Windows Help File Unspecified Heap Overflow Vulnerability
Description The Microsoft Windows Help File viewer is reported prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers. This vulnerability presents itself when the application handles a specially...
Oracle Hospitality Suites Management CVE-2020-2697 Local Security Vulnerability
Description Oracle Hospitality Suites Management is prone to a local security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Request Tracker' package is affected. This vulnerability affects the following supported versions: 3.7, 3.8 Technologies Affected Oracle...
Oracle E-Business Suite CVE-2020-2666 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Applications Framework' product. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Attachments / File Upload' component is affected. This vulnerability affects the following supported...
Microsoft Windows Hyper-V CVE-2020-0617 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Mozilla Firefox and Firefox ESR CVE-2019-17015 Memory Corruption Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in:...
SQLite CVE-2019-19926 Incomplete Fix Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
SQLite CVE-2019-19880 Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Intel Rapid Storage Technology CVE-2019-14568 Local Privilege Escalation Vulnerability
Description Intel Rapid Storage Technology is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Versions prior to Intel Rapid Storage Technology 17.7.0.1006 are vulnerable. Technologies Affected Intel Rapid Storage Technology...
Apple iOS/iPadOS/watchOS/macOS CVE-2019-8856 Security Vulnerability
Description Apple iOS/iPadOS/watchOS/macOS are prone to a security vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Technologies Affected Apple Ipad Mini- Apple Watch Apple iOS 10 Apple iOS 10.0.1 Apple iOS 10.1 Apple iOS 10.2 Apple...
Broadcom CA Nolio CVE-2019-19230 Deserialization Remote Code Execution Vulnerability
Description Broadcom CA Nolio is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Broadcom CA Nolio version 6.6 is...
Kubernetes API Server CVE-2018-1002102 Open Redirection Vulnerability
Description Kubernetes API Server is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in...
BMC Remedy Smart Reporting CVE-2019-11216 XML External Entity Injection Vulnerability
Description BMC Remedy Smart Reporting is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks. BMC Remedy Smart Reporting versions 9.1.03.001,...
Ansible CVE-2019-14905 OS Command Injection Vulnerability
Description Ansible is prone to an OS command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Versions prior to Ansible 2.9.2, 2.8.8 and 2.7.16 are vulnerable...
IBM Sterling B2B Integrator CVE-2019-4387 SQL Injection Vulnerability
Description IBM Sterling B2B Integrator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Kaspersky Protection extension for Google Chrome CVE-2019-15684 Unauthorized Access Vulnerability
Description Kaspersky Protection extension for Google Chrome is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Kaspersky Protection extension for Google Chrome versions...
Microsoft Windows Graphics Component CVE-2019-1433 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Office CVE-2019-1402 Local Information Disclosure Vulnerability
Description Microsoft Office is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit edition SP2...
Microsoft Windows AppX Deployment Extensions CVE-2019-1385 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft...
Microsoft Windows TCP/IP CVE-2019-1324 Information Disclosure Vulnerability
Description Microsoft Windows is prone to a information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Versio...
Fortinet FortiExtender CVE-2019-15710 OS Command Injection Vulnerability
Description Fortinet FortiExtender is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further...
Adobe Acrobat and Reader CVE-2019-8238 Information Disclosure Vulnerability
Description Adobe Acrobat and Reader are prone to information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Adobe Acrobat 2017.008.30051 Adobe Acrobat 2017.011.30059 Adobe Acrobat...
Oracle Hyperion Data Relationship Management CVE-2019-2927 Remote Security Vulnerability
Description Oracle Hyperion Data Relationship Management is prone to a remote security vulnerability. The vulnerability can be exploited over HTTP protocol. This issue affects the 'Access and Security' component. This vulnerability affects the following supported versions: 11.1.2.4 Technologies...
Oracle Retail Customer Management and Segmentation Foundation Remote Security Vulnerability
Description Oracle Retail Customer Management and Segmentation Foundation is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Segment' component is affected. This vulnerability affects the following supported versions: 17.0 Technologies...
Apple Swift CVE-2019-8790 Information Disclosure Vulnerability
Description Apple Swift is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Swift 3.0 Apple Swift 3.0.1 Apple Swift 3.0.2 Apple Swift 3.1 Apple Swift 3.1.1 Apple Swift 4....
Juniper Junos CVE-2019-0055 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 12.3X48 Juniper Junos 12.3X48-D10 Juniper Junos 12.3X48-D15 Juniper Junos 12.3X48-D20 Juniper Junos 12.3X48-D25...
Microsoft Windows Update Client CVE-2019-1337 Information Disclosure Vulnerability
Description Microsoft Windows Update Client is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10...
McAfee Endpoint Security CVE-2019-3653 Unauthorized Access Vulnerability
Description McAfee Endpoint Security is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. McAfee Endpoint Security ENS versions prior to 10.6.1 October 2019 Update are...
Palo Alto Networks Zingbox Inspector CVE-2019-1584 Remote Code Execution Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected system. Palo Alto Networks Zingbox Inspector version 1.293 and prior are vulnerable. Technologies...
Npmjs 'csv-parse' Module CVE-2019-17592 Denial of Service Vulnerability
Description Npmjs 'csv-parse' module is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. Versions prior to csv-parse module 4.4.6 are vulnerable; other versions may also be affected. Technologies Affected Npmjs csv-parse 0.1.0...
Microsoft Windows JET Database Engine CVE-2019-1243 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...