6867 matches found
Microsoft Internet Explorer CVE-2011-0035 Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Microsoft Office TIFF Image Converter (CVE-2010-3949) Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document containing a specially crafted...
Microsoft Windows CVE-2010-1896 User Input Validation Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Windows Media Decompression (CVE-2010-1879) Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently...
Microsoft Excel Document Parsing Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Symantec Altiris Deployment Solution Multiple Vulnerabilities
SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...
Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security...
Symantec Log Viewer JavaScript Injection Vulnerabilities
SUMMARY The Log Viewer feature in some Symantec products contains two parsing errors which could be exploited through Java script injection. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Norton 360 | 1.0 | Run LiveUpdate in Interactive Mode Norton Internet Security | 2005 through 200...
Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
Description The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to...
Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...
Microsoft Windows Media Format Runtime ASF File Remote Code Execution Vulnerability
Description Windows Media Player is prone to a remote code-execution vulnerability because it fails to properly handle malformed media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit...
Microsoft Antivirus Engine Integer Overflow Vulnerability
Description Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files. This issue is currently being exploited via Portable Document Files PDF, but other Microsoft applications are also reported vulnerable. An attacker could...
Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0 Help File Elevation of Pri
SUMMARY The Symantec AntiVirus Corporate Edition HTML client help function uses HTML help, the Windows help interface, to provide support to the client user. A non-privileged client user can manipulate the help function to access files on the system with local SYSTEM privileges. Risk Impact Mediu...
Microsoft Outlook Express Multiple Vulnerabilities
Description Microsoft has released an update to address various issues affecting Outlook Express 6.0 running on Windows XP. These issues may allow remote attackers to cause the client to crash or disclose sensitive information. Reportedly remote attackers may cause the client to crash by sending...
Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
Description Microsoft Graphics Device Interface GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds val...
Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerability
Description Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects. It is reported that an attacker may exploit this vulnerability by issuing a large request to an affected IIS Web server. An attacker may exploit this issue to execute arbitrary code in the...
Microsoft Windows Local Descriptor Table Local Privilege Escalation Vulnerability
Description Microsoft Windows Local Descriptor Table programming interface is prone to a privilege-escalation vulnerability. A local attacker may be able to create a malicious entry in the Local Descriptor Table. This entry may point into protected memory. Since this memory space is reserved for...
Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability
Description Microsoft ASN.1 handling library has been reported prone to an integer overflow vulnerability that may result in arbitrary heap-based memory corruption. The issue presents itself in the ASN.1 BER decoding/encoding routines. Exploitation of this issue will result in the corruption of...
Adobe Experience Manager APSB20-01 Multiple Cross Site Scripting Vulnerabilities
Description Adobe Experience Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Microsoft Windows Search Indexer CVE-2020-0630 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Oracle AutoVue CVE-2020-2592 Remote Security Vulnerability
Description Oracle AutoVue is prone to a remote security vulnerability. The vulnerability can be exploited over 'HTTP' protocol. The 'Security' sub component is affected. This vulnerability affects the following supported versions: 12.0.2 Technologies Affected Oracle AutoVue 12.0.2 Recommendation...
Microsoft Windows Search Indexer CVE-2020-0629 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Juniper Junos CVE-2020-1604 Security Bypass Vulnerability
Description Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The following products are affected: Juniper Junos 14.1X53 versions prior to...
Trend Micro Apex One and OfficeScan CVE-2019-19691 Information Disclosure Vulnerability
Description Trend Micro Apex One and OfficeScan are prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Trend Micro Apex One 2019 Trend Micro OfficeScan XG...
Drupal Core SA-CORE-2019-011 Access Bypass Vulnerability
Description Drupal is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Drupal versions 8.7.x and 8.8.x are vulnerable. Technologies Affected Drupal Drupa...
Xen CVE-2019-19577 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Xen Xen version through 4.12.0 are vulnerable. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer...
Microsoft Visual Studio CVE-2019-1486 Spoofing Vulnerability
Description Microsoft Visual Studio is prone to an security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Visual...
Microsoft Excel CVE-2019-1464 Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Excel 2010 SP2 32-bit editions Microsoft Excel 2010 SP2 64-bit editions Microsoft Exce...
Siemens SiNVR 3 SSA-761617 Multiple Security Vulnerabilities
Description Siemens SiNVR 3 is prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. Multiple authentication-bypass vulnerabilities 3. A directory-traversal vulnerability 4. A privilege-escalation vulnerability An attacker can exploit this issue...
Apple iOS/iPadOS/tvOS/watchOS CVE-2019-8836 Memory Corruption Vulnerability
Description Apple iOS, iPadOS, tvOS and watchOS are prone to a memory corruption vulnerability. An attacker can leverage this issue to execute arbitrary code with kernel privileges. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Apple iOS 13.3...
Siemens Polarion Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Description Siemens Polarion is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
IBM Spectrum Protect CVE-2019-4406 Local Denial of Service Vulnerability
Description IBM Spectrum Protect is prone to local denial-of-service vulnerability. Successful exploits will allow local attackers to cause a denial-of-service conditions. Technologies Affected IBM Spectrum Protect 7.1.0.0 IBM Spectrum Protect 7.1.6.6 IBM Spectrum Protect 7.1.6.7 IBM Spectrum...
Cisco Webex Centers CVE-2019-15987 Information Disclosure Vulnerability
Description Cisco Webex Centers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvq81213 and CSCvq81230. Cisco Webex Event Center, Cisco Webex...
McAfee Client Proxy CVE-2019-3654 Local Authentication Bypass Vulnerability
Description McAfee Client Proxy is prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. McAfee Client Proxy MCP versions prior to 3.0.0 are vulnerable. Technologies Affected McAfee Client...
Microsoft Visual Studio CVE-2019-1425 Remote Privilege Escalation Vulnerability
Description Microsoft Visual Studio is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Visual Studio 2017 15.9 Microsoft Visual Studio 2019 16.0 Microsoft Visual Studio 2019 16.3 Recommendations...
Adobe Animate CVE-2019-7960 DLL Loading Local Privilege Escalation Vulnerability
Description Adobe Animate is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Animate 19.2.1 and prior are vulnerable. Technologies Affected Adobe Animate 14.2.0.20 Adobe Animate 15.0.0.173 Adobe Animate 15.0.1.179 Adobe...
Microsoft Windows Data Sharing Service CVE-2019-1379 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft...
SAP Treasury and Risk Management CVE-2019-0384 Remote Authorization Bypass Vulnerability
Description SAP Treasury and Risk Management is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP EA-FINSERV 6.0 SAP EA-FINSERV 6.03 SAP EA-FINSE...
Fortinet FortiClient for macOS CVE-2019-15704 Local Information Disclosure Vulnerability
Description Fortinet FortiClient for macOS is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Versions prior to FortiClient for macOS 6.0.8 and 6.2.1 are vulnerable. Technologies...
Xen CVE-2019-18423 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash hypervisor, denying service to legitimate users. Xen version 4.8 and later are vulnerable. Technologies Affected Xen Xen 4.10 Xen Xen 4.10.0 Xen Xen 4.10.1 Xen Xen 4.10.2 Xen Xen 4.11.0 Xen...
Xen CVE-2019-18420 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Xen Xen version 4.6 and later are vulnerable. Technologies Affected Xen Xen 4.10 Xen Xen 4.10.0 Xen Xen 4.10.1 Xen Xen 4.10.2 Xen...
Multiple IBM Products CVE-2019-4394 Local Security Vulnerability
Description Multiple IBM Products are prone to a local security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Technologies Affected IBM Cloud Orchestrator 2.4 IBM Cloud Orchestrator 2.4.0.1 IBM...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12708 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50520. Technologies Affected...
Golang Go CVE-2019-17596 Remote Denial of Service Vulnerability
Description Golang Go is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to Go 1.13.2 and Go 1.12.11 are vulnerable. Technologies Affected golang Go 1.12.1 golang Go 1.12.10 golang Go 1.12.5 golang Go...
Palo Alto Networks GlobalProtect Agent CVE-2019-17435 Local Privilege Escalation Vulnerability
Description Palo Alto Networks GlobalProtect Agent is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges on the affected system. Versions prior to Palo Alto Networks GlobalProtect agent 4.1.13 and 5.0.4 for Windows platform are...
Juniper Junos CVE-2019-0060 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a process crash, denying service to legitimate users. The following versions of Juniper Junos are affected: Juniper Junos 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 are...
Juniper Junos CVE-2019-0068 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 12.3X48 Juniper Junos 12.3X48-D10 Juniper Junos 12.3X48-D15 Juniper Junos 12.3X48-D20 Juniper Junos 12.3X48-D25...
QEMU CVE-2019-12067 Null Pointer Dereference Denial of Service Vulnerability
Description QEMU is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected QEMU QEMU Recommendations Block external access at the network boundary, unless external parties require service. If global access isn't...
Juniper Junos CVE-2019-0057 Local Authorization Bypass Vulnerability
Description Juniper Junos is prone to a local authorization-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Versions prior to Junos OS 18.2R1, and 18.2X75-D5 are vulnerable. Technologies Affected Juniper Junos 18.2...