6867 matches found
Microsoft Word (CVE-2010-3220) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Internet Explorer Uninitialized Memory CVE-2010-3328 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Symantec Altiris Deployment Solution and Notification Server Management Console FileDownload Vulnera
SUMMARY Symantecs Altiris Deployment Solution and Notification Server install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...
Symantec Products Autonomy KeyView Module Vulnerability
SUMMARY Symantec products that ship a third-party Autonomy KeyView module have updated the module to address a vulnerability in the processing of Excel spreadsheets reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security...
Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. A successful exploit allows a remote attacker to cause the application to stop responding, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya Messaging...
Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content. Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affect...
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
Description Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive...
CSRF Token Information Disclosure in MC
Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...
Cisco Unified Customer Voice Portal CVE-2019-16017 Denial of Service Vulnerability
Description Cisco Unified Customer Voice Portal is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp72741. Technologies Affected Cisco Unified...
Fortinet FortiAuthenticator CVE-2019-16154 Cross Site Scripting Vulnerability
Description Fortinet FortiAuthenticator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Rack CVE-2019-16782 Information Disclosure Vulnerability
Description Rack is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Rack Project Rack 0.1 Rack Project Rack 0.2 Rack Project Rack 0.3 Rack Project Rack 0.4 Rack Project Rack...
Redhat KeyCloak CVE-2019-14909 Authentication Bypass Vulnerability
Description Redhat KeyCloak is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. Technologies Affected Redhat keycloak 7.0.0 Redhat keycloak 7.0.1.Final Recommendations Block external acces...
ClamAV CVE-2019-15961 Denial of Service Vulnerability
Description ClamAV is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to ClamAV 0.102.1 and 0.101.5 are vulnerable. Technologies Affected Cisco ClamAV 0.100 Cisco ClamAV 0.101 Cisco ClamAV 0.101.4 Cisco ClamAV...
Moodle CVE-2019-14883 Remote Security Vulnerability
Description Moodle is prone to a remote security vulnerability. An attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. Moodle 3.7 through 3.7.2 and 3.6 through 3.6.6 versions are vulnerable. Technologies Affected Moodle Moodle 3.6 Moodle Moodle 3.6.1...
Moodle CVE-2019-14882 Open Redirection Vulnerability
Description Moodle is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to a...
Apache Atlas CVE-2019-10070 HTML Injection Vulnerability
Description Apache Atlas is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Multiple F5 BIG-IP Products CVE-2019-6664 Remote Security Vulnerability
Description Multiple F5 BIG-IP Products are prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected F5 BIG-IP AAM 14.1.0 F5 BIG-IP AAM 15.0.0 F5 BIG-IP AF...
SAP BusinessObjects BI Platform CVE-2019-0396 XML External Entity Injection Vulnerability
Description SAP BusinessObjects Business Intelligence Platform is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition. SAP BusinessObjects Business Intelligence Platform versions 4.1...
Microsoft Windows Hyper-V CVE-2019-1310 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows ...
Microsoft Windows 'DirectWrite' API CVE-2019-1411 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
SAP Enable Now CVE-2019-0385 Unspecified Cross Site Scripting Vulnerability
Description SAP Enable Now is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Linux Kernel CVE-2019-18786 Information Disclosure Vulnerability
Description Linux kernel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Linux kernel versions through 5.3.8 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1...
Xen CVE-2019-18421 Privilege Escalation Vulnerability
Description Xen is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citr...
IBM Security Guardium Big Data Intelligence CVE-2019-4311 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Security Guardium Big Data Intelligence 4.0 is vulnerable; other versions may also be...
CODESYS ENI Server CVE-2019-16265 Stack Buffer Overflow Vulnerability
Description CODESYS ENI Server is prone to a stack-based buffer-overflow vulnerability. Exploiting this issue may allow remote attackers to execute arbitrary code within the context of the affected application. Failed attacks will cause denial-of-service conditions. CODESYS ENI Server versions...
Cisco TelePresence Advanced Media Gateway CVE-2019-15966 Denial of Service Vulnerability
Description Cisco TelePresence Advanced Media Gateway is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvr69362. Technologies Affected Cisco TelePresence Advanced Media...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-15257 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50523. Technologies Affected...
Oracle Forms CVE-2019-2886 Remote Security Vulnerability
Description Oracle Forms is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Services' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0 Technologies Affected Oracle Forms 12.2.1.3.0...
Oracle MySQL Connectors CVE-2019-2920 Remote Security Vulnerability
Description Oracle MySQL Connectors is prone to a remote security vulnerability. The vulnerability can be exploited over the 'MySQL Protocol' Protocol. The 'Connector/ODBC' component is affected. This vulnerability affects the following supported versions: 5.3.13 and prior, 8.0.17 and prior...
Oracle Retail Xstore Office CVE-2018-3300 Remote Security Vulnerability
Description Oracle Retail Xstore Office is prone to a remote security vulnerability. This vulnerability can be exploited over the 'HTTP' protocol. The 'Internal Operations' component is affected. This vulnerability affects the following supported versions: 7.1 Technologies Affected Oracle Retail...
Oracle E-Business Suite CVE-2019-3027 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Application Object Library' product. This vulnerability can be exploited over the 'HTTP' protocol. The 'Login Help' component is affected. This vulnerability affects the following supported versions: 12.2.5...
Dell ImageAssist CVE-2019-3767 Local Information Disclosure Vulnerability
Description Dell ImageAssist is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Versions prior to Dell ImageAssist 8.7.1.5 are vulnerable. Technologies Affected Dell ImageAssist 4.0.0.9 Dell...
Juniper Junos CVE-2019-0051 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. The following versions of Junos on Juniper SRX5000 Series devices are vulnerable: Juniper Junos 12.3X48 versions prior to 12.3X48-D85 Juniper Junos...
Microsoft Windows Win32k CVE-2019-1364 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
Microsoft Windows Remote Desktop Protocol CVE-2019-1326 Denial of Service Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems...
HP Touchpoint Analytics CVE-2019-6333 Unspecfied Local Code Execution Vulnerability
Description HP Touchpoint Analytics is prone to an unspecfied local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to Touchpoint...
Multiple Cisco Products CVE-2019-12698 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvp76944. Technologies Affected Cisco...
Cisco Firepower Management Center CVE-2019-12690 Command Injection Vulnerability
Description Cisco Firepower Management Center is prone to a command-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvh03962. Technologies Affected Cisco FirePOWER...
Linux kernel CVE-2019-18198 Local Memory Corruption Vulnerability
Description Linux kernel is prone to a local memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been...
Pivotal Application Service CVE-2019-11275 Access Bypass Vulnerability
Description Pivotal Application Service is prone to a access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The following versions are vulnerable: Pivotal Application Service PAS 2.6 versions...
Apple tvOS and macOS CVE-2019-8706 Memory Corruption Vulnerability
Description Apple tvOS and macOS are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple TV Apple mac...
Microsoft Windows JET Database Engine CVE-2019-1242 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Exchange Server CVE-2019-1266 Spoofing Vulnerability
Description Microsoft Exchange Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Exchan...
Microsoft ASP.NET Core CVE-2019-1302 Remote Privilege Escalation Vulnerability
Description Microsoft ASP.NET Core is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft ASP.NET Core 2.1 Microsoft ASP.NET Core 2.2 Microsoft ASP.NET Core 3.0 Recommendations Block external access ...
Microsoft Edge Chakra Scripting Engine CVE-2019-1217 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows Diagnostics Hub CVE-2019-1232 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to elevate the privileges and take control of an affected system. Technologies Affected Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 15.0 Microsoft...
Microsoft Internet Explorer CVE-2019-1220 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10...
Microsoft Windows Hyper-V CVE-2019-0714 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Microsoft Windows CVE-2019-1198 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system or gain unauthorized access. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft...
Microsoft Windows Graphics Component CVE-2019-1151 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Office 2019...