6867 matches found
Microsoft Internet Explorer CVE-2014-0298 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability due to a use-after-free condition. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies...
Microsoft Windows Kernel 'dxgkrnl.sys' CVE-2013-3888 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that is related to DirectX Graphics Kernel Subsystem. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-1343 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...
Microsoft SharePoint CVE-2013-0081 Denial of Service Vulnerability
Description Microsoft SharePoint is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive, denying service to legitimate users. Technologies Affected Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation...
Microsoft Internet Explorer CVE-2013-3184 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 7, 8, 9, and 10 are...
Symantec Encryption Management Server Web Email Protection XSS
SUMMARY Symantec's Encryption Management Server, previously PGP Universal Server, is susceptible to a cross-site scripting XSS issue, in the web management interface of the server. The XSS issue is in the Web Email Protection component. This issue could allow an authenticated Web Email Protection...
Microsoft Windows Kernel CVE-2013-1284 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges and read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot Avaya Communication Server 1000 Telephony Manager Avaya...
Microsoft DirectShow CVE-2013-0077 Remote Code Execution Vulnerability
Description Microsoft DirectShow is prone to a remote code-execution vulnerability. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running an application that uses DirectShow. Failed exploit attempts will result in a denial-of-service condition...
Microsoft Windows Kernel CVE-2013-1279 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...
Microsoft Windows 'Win32k.sys' CVE-2013-1266 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Exchange Server RSS Feed Remote Denial of Service Vulnerability
Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. Successful exploits will allow attackers to cause the affected computer to become unresponsive, denying service to legitimate users. Technologies Affected Microsoft Exchange Server 2007 SP 1 Microsoft...
Symantec Endpoint Protection Management Consoles Multiple Issues
SUMMARY The management console in Symantec Endpoint Protection Manager SEPM and Symantec Protection Center SPC for SEP 12.0 Small Business Edition, contains PHP scripts that do not properly validate external input. This could potentially result in remote code execution. Symantec Network Access...
Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0...
Symantec Messaging Gateway Security Issues
SUMMARY Symantec's Messaging Gateway management console is susceptible to several security issues including cross-site scripting/cross-site request forgery, an SSH account with a default password, file downloads and potential web application modifications. Successful exploitation could result in...
Microsoft GDI+ CVE-2012-0167 EMF Image Processing Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the...
Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability
Description Microsoft Windows Media Player is prone to a remote heap-based buffer-overflow vulnerability when handling specially crafted media content. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to...
Microsoft Windows Kernel Invalid Trap-Frame CVE-2011-2018 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Windows TCP/IP QOS CVE-2011-1965 Remote Denial Of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to restart the affected system, therefore denying service to legitimate users. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for 32-bit Systems...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1876) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Multi-Vendor Autonomy Verity Keyview PRZ Reader Filter Overflow
SUMMARY Symantec products that ship with the Verity KeyView Filter have updated the module to address a security issue being reported in the content filter processing of specifically crafted document formats. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1225) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Word Index Value Parsing (CVE-2010-3219) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
Description Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will...
Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
Description Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an...
Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
Description Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits ca...
Symantec Reporting Server Password Disclosure
SUMMARY The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt. Risk Impact Medium Remote Access | Yes ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Affected Products Product | Affected...
Microsoft Internet Explorer Secure Sockets Layer Caching Vulnerability
Description Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching vulnerability. It is reported that arbitrary content may be cached to the computer that is viewing a malicious site when this vulnerability is exploited. This cached content will be rendered in the context...
Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability
Description Microsoft Exchange Outlook Web Access OWA is prone to HTTP response splitting attacks. This issue could permit hostile script to be injected into client sessions, which could gain access to properties of the OWA server and Web pages hosted on the site. It is noted that the attacker mu...
Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability
Description Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. Share level access provides peer to peer networking capabilities in the Windows 9x/ME environment. It depends on password protection in order to grant or deny access to resource...
Microsoft Excel CVE-2020-0650 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows CVE-2020-0641 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows Win32k CVE-2020-0608 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Common Log File System CVE-2020-0615 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versio...
Microsoft Windows GDI+ Component CVE-2020-0643 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Cloud Foundry Cloud Controller API CVE-2019-11294 Access Control Security Bypass Vulnerability
Description Cloud Foundry Cloud Controller API is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Cloud Foundry Cloud Controller API 1.88.0 is vulnerable...
IBM Spectrum Scale CVE-2019-4558 Local Privilege Escalation Vulnerability
Description IBM Spectrum Scale is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain root privileges. The following IBM products are affected: IBM Spectrum Scale versions 5.0.0.0 through 5.0.3.2 and 4.2.0.0 through 4.2.3.17 are vulnerable. IBM Elastic...
Multiple Intel Processors CVE-2019-14607 Multiple Security Vulnerabilities
Description Multiple Intel Processors are prone to multiple security vulnerabilities. A local attacker can leverage these issues to obtain sensitive information, gain elevated privileges and cause denial of service conditions. This may aid in further attacks. Technologies Affected Intel 6th...
Microsoft Windows Win32k CVE-2019-1469 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Atlassian Companion CVE-2019-15006 Security Bypass Vulnerability
Description Atlassian Companion is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions or conduct man-in-the-middle attack; this may aid in launching further attacks. Technologies Affected Atlassian...
Multiple Kaspersky Products CVE-2019-15689 DLL Loading Arbitrary Code Execution Vulnerability
Description Multiple Kaspersky Products are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. The following products ar...
Linux Kernel CVE-2019-19049 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3.10 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux...
TIBCO EBX Add-on CVE-2019-17331 Cross Site Scripting Vulnerability
Description TIBCO EBX Add-on is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let t...
Microsoft Windows OpenType Fonts CVE-2019-1419 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Window...
Microsoft Windows Win32k CVE-2019-1396 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows GDI CVE-2019-1439 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
phpMyAdmin CVE-2019-18622 SQL Injection Vulnerability
Description phpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Cisco Aironet Access Points CVE-2019-15260 Unauthorized Access Vulnerability
Description Cisco Aironet Access Points is prone to an unauthorized access vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions, gain elevated privileges. This may aid in launching further attacks. This issue is tracked by Cisc...
Cisco Aironet Access Points CVE-2019-15261 Denial of Service Vulnerability
Description Cisco Aironet Access Points is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvk79807. Technologies Affected Cisco Aironet 1810 Series Access Points Cisco Aironet 183...
Cisco Wireless LAN Controller Software CVE-2019-15266 Local Directory Traversal Vulnerability
Description Cisco Wireless LAN Controller Software is prone to a local directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to access or read arbitrary files that contain sensitive information or to access files outside of the restricted...
Oracle E-Business Suite CVE-2019-2990 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle iStore. The vulnerability can be exploited over the 'HTTP' protocol. The 'Order Tracker' component is affected. This vulnerability affects the following supported versions: 12.1.1 through 12.1.3 and 12.2.3...