6867 matches found
Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause...
Symantec Brightmail Gateway and Mail Security Appliance Cross-site Scripting and Elevation of Privil
SUMMARY Symantec Brightmail Gateways Control Center is susceptible to cross-site scripting and elevation of privilege vulnerabilities. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec Brightmail Gateway Appliance 8300 | All prior to 8.0.1 | Upgrade to 8.0.1 or later Symantec...
Microsoft Windows Recursive DNS Spoofing Vulnerability
Description Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests. A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing. Technologies Affected Avaya Messaging...
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow
SUMMARY A stack overflow in Symantec Anti-Virus Corporate Editions Internet Email Auto-Protect feature could potentially crash the Internet Email scanning feature. Severity Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED...
AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability
Description AWStats Rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized. An attacker may exploit this condition to execute commands remotely or disclose...
SEDR Information Disclosure
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....
Data Center Security Privilege Escalation
Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...
Microsoft Windows Search Indexer CVE-2020-0628 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Trend Micro Apex Central CVE-2019-19692 Cross Site Scripting Vulnerability
Description Trend Micro Apex Central is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Thi...
Multiple Trend Micro Products CVE-2019-19693 Local Security Bypass Vulnerability
Description Multiple Trend Micro Products are prone to a local security-bypass vulnerability. Attackers can exploit this issue to obtain sensitive information, bypass security restrictions and perform unauthorized actions or cause denial-of-service conditions. Technologies Affected Trend Micro...
Philips Veradius Unity, Pulsera, and Endura CVE-2019-18263 Denial of Service Vulnerability
Description Philips Veradius Unity, Pulsera, and Endura are prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause denial-of-service condition. Technologies Affected Philips Endura Philips Pulsera Philips Veradius Unity Recommendations Block external access at th...
Sysstat CVE-2019-19725 Memory Corruption Vulnerability
Description Sysstat is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. sysstat versions through 12.2.0 are vulnerable. Technologies...
IBM API Connect CVE-2019-4609 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM API Connect 2018.4.1.7 is vulnerable; other versions may also affected. Technologies Affected IBM API...
Multiple TIBCO Spotfire Products CVE-2019-17337 Cross Site Scripting Vulnerability
Description Multiple TIBCO Spotfire Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit...
Apache Superset CVE-2019-12413 Information Disclosure Vulnerability
Description Apache Superset is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Superset version prior to 0.31 are vulnerable. Technologies Affected Apache Superset 0.20 Apache Superset 0.2...
Ansible Tower Multiple Security Vulnerabilities
Description Ansible Tower is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access or obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected...
Omron PLC CJ/CS/NJ Series CVE-2019-18261 Authentication Bypass Vulnerability
Description Omron PLC CJ, CS and NJ Series are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible. The following products of Omron Programmable Logic...
hostapd CVE-2019-5062 Denial of Service Vulnerability
Description hostapd is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected W1.F1 Hostapd 2.6 Recommendations Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent...
Adobe Acrobat and Reader CVE-2019-16444 Local Privilege Escalation Vulnerability
Description Adobe Acrobat and Reader are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges and perform unauthorized actions. Technologies Affected Adobe Acrobat DC 2015.006.30060 Adobe Acrobat DC 2015.006.30094 Adobe Acrobat DC...
Symantec Industrial Control System Protection CVE-2019-18380 Unauthorized Access Vulnerability
Description Symantec Industrial Control System Protection is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access and perform unintended actions. This may lead to further attacks. Symantec Industrial Control System Protection 6.x.x versions...
Symantec ICSP Unauthorized Access
SUMMARY Symantec has released an update to address an issue that was discovered in the Industrial Control System Protection ICSP product. AFFECTED PRODUCTS Industrial Control System Protection ICSP --- CVE | Affected Versions | Remediation CVE-2019-18380 | ICSP 6.x.x | Upgrade to ICSP 6.1.1.123...
F5 SSL Orchestrator CVE-2019-6674 Denial of Service Vulnerability
Description F5 SSL Orchestrator is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial of service conditions. Technologies Affected F5 SSL Orchestrator 14.1.0 F5 SSL Orchestrator 14.1.2 F5 SSL Orchestrator 15.0.0 F5 SSL Orchestrator 15.0.1 Recommendation...
IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability
Description IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Multiple Pivotal RabbitMQ Products CVE-2019-11291 Cross Site Scripting Vulnerability
Description Multiple Pivotal RabbitMQ products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Moodle CVE-2019-14880 Security Bypass Vulnerability
Description Moodle is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Moodle 3.5.9, 3.6.7 and 3.7.3 are vulnerable. Technologies Affected Moodle...
Apache Shiro CVE-2019-12422 Information Disclosure Vulnerability
Description Apache Shiro is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Apache Shiro 1.4.2 are vulnerable. Technologies Affected Apache Apache Shiro...
F5 BIG-IP APM CVE-2019-6661 Denial of Service Vulnerability
Description F5 BIG-IP APM is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause excessive resource consumption, resulting in a denial-of-service condition. BIG-IP APM 14.1.0 through 14.1.2, 14.0.0 through 14.0.1, 13.0.0 through 13.1.3, 12.1.0 through 12.1.4, and...
Microsoft Windows Win32k CVE-2019-1434 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...
Microsoft Open Enclave SDK CVE-2019-1370 Information Disclosure Vulnerability
Description Microsoft Open Enclave SDK is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Open Enclave SDK Recommendations Permit local access for trusted individual...
TIBCO EBX CVE-2019-17330 Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description TIBCO EBX is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Windows CVE-2019-1422 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...
Microsoft Windows Hyper-V CVE-2019-0712 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Microsoft Windows Graphics Component CVE-2019-1435 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Office CVE-2019-1442 Security Bypass Vulnerability
Description Microsoft Office is prone to a security bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions; this may aid in launching further attacks. Technologies Affected Microsoft SharePoint Server 2019 Recommendations Run all software as a...
Microsoft Windows Win32k CVE-2019-1393 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Hyper-V CVE-2019-1398 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10...
Cisco Web Security Appliance CVE-2019-15969 Cross Site Scripting Vulnerability
Description Cisco Web Security Appliance is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Thi...
Multiple Cisco Products CVE-2019-15288 Remote Privilege Escalation Vulnerability
Description Multiple Cisco Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The issue is being tracked by Cisco Bug ID CSCvq29901. Technologies Affected Cisco RoomOS Software Cisco TelePresence CE Software 8.0.0 Cis...
IBM QRadar SIEM CVE-2019-4470 Unspecified Cross Site Scripting Vulnerability
Description IBM QRadar SIEM is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based...
Dell EMC iDRAC CVE-2019-3764 Unauthorized Access Vulnerability
Description Dell EMC iDRAC is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following Dell products are affected: Dell EMC iDRAC8 versions prior to 2.70.70.70 are...
Google Android System Component CVE-2019-2036 Privilege Escalation Vulnerability
Description Google Android is prone to a privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. This issue are being tracked by Android Bug ID A-79703832. Technologies Affected Google Android 10.0 Google Android 8.0 Google Android 8.1 Google Android 9...
Red Hat '389-ds-base' CVE-2019-14824 Security Bypass Vulnerability
Description Red Hat '389-ds-base' is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions. This may aid in further attacks. Technologies Affected Redhat 389-ds-base Redhat...
PHP 'FFI::cast()' Memory Leak Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PHP 7.3.11 PHP PHP 7.3.12 PHP PHP 7.3.2 PHP PHP...
Cloud Foundry UAA CVE-2019-11282 Information Disclosure Vulnerability
Description Cloud Foundry UAA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cloud Foundry UAA versions prior to 74.3.0 are vulnerable. Technologies Affected Cloud Foundry UAA 63.0...
Cisco Identity Services Engine CVE-2019-12638 HTML Injection Vulnerability
Description Cisco Identity Services Engine is prone to an HTML-injection vulnerability because it fails to properly validate user-supplied input. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application,...
ISC BIND CVE-2019-6475 Authentication Bypass Vulnerability
Description ISC BIND is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to perform unauthorized actions. This may aid in further attacks. ISC BIND versions 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 IS...
Nessus CVE-2019-3982 Denial of Service Vulnerability
Description Nessus is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause a denial-of-service condition. Nessus versions 8.6.0 and prior are vulnerable. Technologies Affected Tenable Nessus 1.0.1 Tenable Nessus 3.0.3 Tenable Nessus 4.0 Tenable Nessus 4.4.1 Tenab...
Joomla! Core CVE-2019-18650 Cross Site Request Forgery Vulnerability
Description Joomla! is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Joomla! 3.2.0 through 3.9.12 are vulnerable. Technologies...
Juniper Junos J-Web CVE-2019-0047 HTML Injection Vulnerability
Description Juniper Junos is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is...
Juniper Junos CVE-2019-0054 Certificate Validation Security Weakness
Description Juniper Junos is prone to a security weakness. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 are vulnerable...