6867 matches found
Microsoft Windows Kernel TrueType Font Parsing CVE-2014-6317 Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability that occurs in the Windows kernel. A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microso...
Microsoft .NET Framework CVE-2014-4072 Remote Denial of Service Vulnerability
Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to degrade the performance of a .NET-enabled website, causing a denial of service condition. Technologies Affected Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framewor...
Castor Library CVE-2014-3004 XML External Entity Information Disclosure Vulnerability
...
Microsoft Office Token Reuse CVE-2014-1808 Information Disclosure Vulnerability
Description Microsoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2013 32-bit editions Microsoft Office 2013 64-bit editions Microsoft Office 20...
Symantec Critical System Protection for Windows Default Policy Bypass
SUMMARY Symantec Critical System Protection SCSP, Windows version, default policy settings can be susceptible to policy bypass when installed on an out-of-the-box unpatched windows server. While this is not in any way a normal installation, it could permit unauthorized access to information store...
Symantec Encryption Desktop Memory Access Violations
SUMMARY Symantecs Encryption Desktop is susceptible to memory access violations when attempting to parse specific malformed certificate files. This could result in a possible application crash if a malicious individual could entice an authorized user to successfully click on a malformed file...
Microsoft Word File Processing CVE-2014-1758 Remote Stack Buffer Overflow Vulnerability
Description Microsoft Word is prone to a remote stack-based buffer-overflow vulnerability. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...
Microsoft Internet Explorer CVE-2014-0302 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6...
Microsoft Forefront Protection for Exchange Server CVE-2014-0294 Remote Code Execution Vulnerability
Description Microsoft Forefront Protection for Exchange Server is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service...
Microsoft Exchange Server CVE-2013-5072 Cross Site Scripting Vulnerability
Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Word CVE-2013-3160 XML Files Handling Information Disclosure Vulnerability
Description Microsoft Word is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2003 SP1 Microsoft Office 2003 SP2 Microsoft Office 2003 SP3 Microsoft Office 20...
Microsoft Access CVE-2013-3156 Memory Corruption Vulnerability
Description Microsoft Access is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Access 2007 SP3 Microsoft...
Microsoft Outlook CVE-2013-3870 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which can lead to a complete compromise of the affected computer. Technologies Affected Microsoft Office 20...
Microsoft Windows Active Directory CVE-2013-3868 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause the LDAP service to become non-responsive, resulting in denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Microsoft .NET Framework CVE-2013-3132 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security CAS restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1265 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1261 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows Kernel CVE-2013-1278 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...
Microsoft Windows 'Win32k.sys' CVE-2013-1269 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...
Microsoft Internet Explorer CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Microsoft Windows CVE-2012-1864 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Symantec Web Gateway Multiple Security Issues
SUMMARY Symantecs Web Gateway management GUI is susceptible to file include command injection/execution, file upload/execution and file download/deletion security issues. The management GUI is also susceptible to cross-site scripting XSS. Successful exploitation could result in execution of...
Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
Oracle JRockit CVE-2012-1695 Remote Security Vulnerability
Description Oracle JRockit is prone to a remote security vulnerability. The vulnerability can be exploited over the 'Multiple' protocol. This vulnerability affects the following supported versions: 28.2.2 and before: JDK/JRE 5 and 6 27.7.1 and before: JKD/JRE 5 and 6 Technologies Affected Oracle...
Microsoft Internet Explorer CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencin...
Microsoft SharePoint Calendar CVE-2011-0653 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows NDISTAPI CVE-2011-1974 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1878) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows CSRSS 'AllocConsole()' Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1228) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft VBScript and JScript Scripting Engines Information Disclosure Vulnerability
Description Microsoft VBScript and JScript scripting engines are prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Attackers can exploit this issue by enticing an unsuspecting user to...
Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2741 Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts...
Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2740 Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts...
Microsoft Word (CVE-2010-3220) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Internet Explorer Uninitialized Memory CVE-2010-3328 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Symantec Altiris Deployment Solution and Notification Server Management Console FileDownload Vulnera
SUMMARY Symantecs Altiris Deployment Solution and Notification Server install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...
Symantec Products Autonomy KeyView Module Vulnerability
SUMMARY Symantec products that ship a third-party Autonomy KeyView module have updated the module to address a vulnerability in the processing of Excel spreadsheets reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security...
Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. A successful exploit allows a remote attacker to cause the application to stop responding, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya Messaging...
Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content. Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affect...
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
Description Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive...
CSRF Token Information Disclosure in MC
Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...
Microsoft Windows Win32k CVE-2020-0642 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft OneDrive for Android CVE-2020-0654 Security Bypass Vulnerability
Description Microsoft OneDrive for Android is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. Technologies Affected Microsoft OneDrive Recommendations...
Cisco Unified Customer Voice Portal CVE-2019-16017 Denial of Service Vulnerability
Description Cisco Unified Customer Voice Portal is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp72741. Technologies Affected Cisco Unified...
Fortinet FortiAuthenticator CVE-2019-16154 Cross Site Scripting Vulnerability
Description Fortinet FortiAuthenticator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Rack CVE-2019-16782 Information Disclosure Vulnerability
Description Rack is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Rack Project Rack 0.1 Rack Project Rack 0.2 Rack Project Rack 0.3 Rack Project Rack 0.4 Rack Project Rack...
Ansible Tower CVE-2019-19341 Information Disclosure Vulnerability
Description Ansible Tower is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected. Technologies Affected...
Wireshark CVE-2019-19553 Denial of Service Vulnerability
Description Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain type of packets. An attacker can leverage this issue to crash the affected application, denying service to legitimate users. Wireshark versions 3.0.0 through 3.0.6 and 2.6.0...