6867 matches found
Microsoft Windows Media Player CVE-2019-1480 Information Disclosure Vulnerability
Description Microsoft Windows Media Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for...
Multiple QNAP Products NAS-201911-25 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access to the affected device, inject and execute arbitrary code and read or write arbitrary files on the device. Technologies Affected Qnap Photo Station...
Cisco DNA Spaces: Connector CVE-2019-15995 SQL Injection Vulnerability
Description Cisco DNA Spaces: Connector is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent...
Apache Shiro CVE-2019-12422 Information Disclosure Vulnerability
Description Apache Shiro is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Apache Shiro 1.4.2 are vulnerable. Technologies Affected Apache Apache Shiro...
Lexmark Services Monitor CVE-2019-16758 Directory Traversal Vulnerability
Description Lexmark Services Monitor is prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information. This may aid in further attacks. Lexmark Services Monitor 2.27.4.0.39 is vulnerabl...
Multiple F5 BIG-IP Products CVE-2019-6662 Multiple Information Disclosure Vulnerabilities
Description Multiple F5 BIG-IP Products are prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information. This may lead to other attacks. Technologies Affected F5 BIG-IP AAM 13.1.0 F5 BIG-IP AAM 13.1.1 F5 BIG-IP...
Microsoft Windows Win32k CVE-2019-1393 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
TIBCO EBX CVE-2019-17330 Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description TIBCO EBX is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Office CVE-2019-1442 Security Bypass Vulnerability
Description Microsoft Office is prone to a security bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions; this may aid in launching further attacks. Technologies Affected Microsoft SharePoint Server 2019 Recommendations Run all software as a...
Microsoft Windows CVE-2019-1422 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...
Adobe Media Encoder CVE-2019-8246 Out of Bounds Arbitrary Code Execution Vulnerability
Description Adobe Media Encoder is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe...
Microsoft Windows Hyper-V CVE-2019-0712 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Microsoft Windows Graphics Component CVE-2019-1435 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows CVE-2019-1423 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for...
Cisco Web Security Appliance CVE-2019-15969 Cross Site Scripting Vulnerability
Description Cisco Web Security Appliance is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Thi...
Multiple Cisco Products CVE-2019-15288 Remote Privilege Escalation Vulnerability
Description Multiple Cisco Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The issue is being tracked by Cisco Bug ID CSCvq29901. Technologies Affected Cisco RoomOS Software Cisco TelePresence CE Software 8.0.0 Cis...
Dell EMC iDRAC CVE-2019-3764 Unauthorized Access Vulnerability
Description Dell EMC iDRAC is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following Dell products are affected: Dell EMC iDRAC8 versions prior to 2.70.70.70 are...
IBM QRadar SIEM CVE-2019-4470 Unspecified Cross Site Scripting Vulnerability
Description IBM QRadar SIEM is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based...
PHP 'FFI::cast()' Memory Leak Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PHP 7.3.11 PHP PHP 7.3.12 PHP PHP 7.3.2 PHP PHP...
ISC BIND CVE-2019-6476 Remote Denial of Service Vulnerability
Description ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ISC BIND 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 ISC Bind 9.14.1 ISC Bind 9.14.2 ISC...
Cisco Aironet Access Points CVE-2019-15265 Denial of Service Vulnerability
Description Cisco Aironet Access Points are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn80147. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 15...
Sonatype Nexus Repository Manager CVE-2019-15588 OS Command Injection Vulnerability
Description Sonatype Nexus Repository Manager is prone to an OS command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Versions prior to Nexus Repository Manager...
Oracle MySQL Server Cpuoct2019 Multiple Security Vulnerabilities
Description Oracle MySQL Server is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'MySQL Protocol' protocol. The 'Server: C API', 'Server: Optimizer', 'Server: Parser', 'InnoDB', 'Server: Security: Encryption', and 'Server: Connection' components are...
Juniper Junos CVE-2019-0064 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. The following versions of Juniper Junos are affected: Juniper Junos 18.2R3 for SRX 5000 Series platform. Juniper Junos 18.4R2 for SRX 5000 Series...
Juniper Junos J-Web CVE-2019-0047 HTML Injection Vulnerability
Description Juniper Junos is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is...
Juniper Junos CVE-2019-0061 Local Privilege Escalation Vulnerability
Description Juniper Junos is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. The following versions of Juniper Junos are affected: Junper Junos 15.1X49 versions prior to 15.1X49-D171 and 15.1X49-D180 Junper Junos 15.1X53...
Juniper Junos CVE-2019-0066 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 15.1 Juniper Junos 15.1A2 Juniper Junos 15.1F1 Juniper Junos 15.1F2 Juniper Junos 15.1F2-S14 Juniper Junos...
Juniper Junos CVE-2019-0054 Certificate Validation Security Weakness
Description Juniper Junos is prone to a security weakness. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 are vulnerable...
Siemens SIMATIC IT UADM CVE-2019-13929 Hardcoded Cryptographic Key Vulnerability
Description Siemens SIMATIC IT UADM is prone to a hard-coded cryptographic key vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to SIMATIC IT UADM 1.3 are vulnerable. Technologies Affected Sieme...
Redhat OpenShift Container Platform CVE-2019-14854 Information Disclosure Vulnerability
Description Redhat OpenShift Container Platform is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to obtain sensitive information. This may lead to other attacks. OpenShift Container Platform 4.1 and 4.2 are vulnerable. Technologies Affected Redhat...
Apache Hadoop CVE-2018-11768 Memory Corruption Vulnerability
Description Apache Hadoop is prone to a memory-corruption vulnerability. A remote attacker may exploit this issue to crash the server resulting in a denial-of-service condition. Technologies Affected Apache Hadoop 2.0.0 Alpha Apache Hadoop 2.0.0-alpha Apache Hadoop 2.0.1 Alpha Apache Hadoop 2.0.2...
Cisco Adaptive Security Appliance Software CVE-2019-12693 Denial of Service Vulnerability
Description Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvo51265. Technologies Affected Cisco Adaptive Security Appliance ASA...
Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Palo Alto Networks Zingbox Inspector CVE-2019-15019 Security Bypass Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable...
Microsoft SharePoint CVE-2019-1257 Remote Code Execution Vulnerability
Description Microsoft SharePoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsof...
Microsoft Windows Remote Desktop Client CVE-2019-0788 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Windows GDI Component CVE-2019-1286 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
ISC Kea CVE-2019-6473 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
Information Disclosure Vulnerability in MC
SUMMARY The Symantec Management Center REST API is susceptible to an information disclosure vulnerability. A malicious authenticated user can obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. AFFECTED PRODUCTS Management Cent...
Microsoft Outlook CVE-2019-1199 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Office 2019...
Microsoft Windows CVE-2019-1177 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Microsoft Windows CVE-2019-1173 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based...
Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
GraphicsMagick CVE-2019-19951 Heap Buffer Overflow Vulnerability
Description GraphicsMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow the attacker to crash the affected application. Due to the nature o...
Kubernetes CVE-2019-11244 Local Unauthorized Access Vulnerability
Description Kubernetes is prone to a local unauthorized-access vulnerability. A local attacker can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. Kubernetes version 1.8.x through 1.14.x are vulnerable. Technologies Affected IBM Cloud...
Microsoft Edge Chakra Scripting Engine CVE-2019-0806 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows GDI Component CVE-2019-0849 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows MS XML CVE-2019-0792 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Versi...
Microsoft Edge and Internet Explorer CVE-2019-0762 Security Bypass Vulnerability
Description Microsoft Edge and Internet Explorer are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explore...
Microsoft Windows MS XML CVE-2019-0756 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Versi...