6867 matches found
Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft PowerPoint Sound Data (CVE-2009-1137) Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...
Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability in the Ancillary Function Driver 'afd.sys'. A successful exploit of this vulnerability will let a local attacker completely compromise an affected computer. Technologies Affected Microsoft Windows Server 2003...
Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to adequately validate user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the currently logged-in user. This will...
Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
Description Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic. Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will de...
Symantec SYMTDI.SYS Device Driver Local Denial of Service
SUMMARY Some versions of Symantecs device driver SYMTDI.SYS contain a vulnerability which, if successfully exploited, could allow a local attacker to cause the system to crash. Risk Impact Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes, to the local system Exploit...
Symantec Mail Security for SMTP Executable Attachment Parsing Denial of Service
SUMMARY A denial of service has been discovered in Symantec Mail Security for SMTP when parsing Executable Attachments. Risk Impact Low Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Products | Versions | Solution...
Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes certain Office files. Note that this issue may not be exploited automatically through email. For an attack to succeed, a victim must manually open an attachment sent by...
Symantec Sygate Management Server: SMS Authentication Servlet SQL Injection
SUMMARY A SQL injection vulnerability in Symantec's Sygate Management Server SMS version 4.1, build 1417 and earlier could potentially allow a remote or local attacker to gain administrative privileges to the SMS server. Risk Impact High Remote Access | Yes ---|--- Local Access | Yes Authenticati...
Microsoft Windows NT PPTP DoS Vulnerability
Description A remote attacker could cause a denial of service condition in Windows NT. Submitting multiple maliciously crafted packets to the PPTP services will cause the consumption of all available system resources. Technologies Affected Microsoft Windows NT 4.0 Microsoft Windows NT Enterprise...
OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
Description O'Reilly WebSite Pro is a Windows 95/NT Web Server package. Versions 2.0 and below contained a vulnerable sample script, win-c-sample.exe, placed by default in /cgi-shl/ off the web root directory. This program is vulnerable to a buffer overflow, allowing for execution of arbitrary...
Oracle Banking Payments cpujan2020 Multiple Security Vulnerabilities
Description Oracle Banking Payments is prone to multiple security vulnerabilities. The vulnerability can be exploited over the 'HTTP' protocol. The 'Payments Core' component is affected. These vulnerabilities affect the following supported versions: 14.1.0 through 14.3.0 Technologies Affected...
D-Link DIR-601 CVE-2019-16327 Authentication Bypass Vulnerability
Description D-Link DIR-601 is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DIR-601 Router 2.00NA is vulnerable; other versions may also be affected...
Wecon PLC Editor CVE-2019-18236 Multiple Stack Based Buffer Overflow Vulnerabilities
...
Apple iOS/tvOS/iPadOS/watchOS/macOS CVE-2019-8848 Privilege Escalation Vulnerability
Description Apple iOS/tvOS/iPadOS/watchOS/macOS are prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on an affected system. Technologies Affected Apple Ipad Mini- Apple TV Apple Watch Apple iOS 10 Apple iOS 10.0.1 Apple iOS 10.1 Apple i...
SAP Adaptive Server Enterprise CVE-2019-0402 Information Disclosure Vulnerability
Description SAP Adaptive Server Enterprise is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. SAP Adaptive Server Enterprise versions 15.7 and 16.0 are vulnerable. Technologies Affecte...
Microsoft Windows Media Player CVE-2019-1480 Information Disclosure Vulnerability
Description Microsoft Windows Media Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for...
Microsoft Windows Printer Service CVE-2019-1477 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version...
Multiple QNAP Products NAS-201911-25 Multiple Security Vulnerabilities
Description Multiple QNAP products are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access to the affected device, inject and execute arbitrary code and read or write arbitrary files on the device. Technologies Affected Qnap Photo Station...
Cisco DNA Spaces: Connector CVE-2019-15995 SQL Injection Vulnerability
Description Cisco DNA Spaces: Connector is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent...
Apache Shiro CVE-2019-12422 Information Disclosure Vulnerability
Description Apache Shiro is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Apache Shiro 1.4.2 are vulnerable. Technologies Affected Apache Apache Shiro...
Lexmark Services Monitor CVE-2019-16758 Directory Traversal Vulnerability
Description Lexmark Services Monitor is prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve sensitive information. This may aid in further attacks. Lexmark Services Monitor 2.27.4.0.39 is vulnerabl...
Multiple F5 BIG-IP Products CVE-2019-6662 Multiple Information Disclosure Vulnerabilities
Description Multiple F5 BIG-IP Products are prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow attackers to obtain sensitive information. This may lead to other attacks. Technologies Affected F5 BIG-IP AAM 13.1.0 F5 BIG-IP AAM 13.1.1 F5 BIG-IP...
Adobe Media Encoder CVE-2019-8246 Out of Bounds Arbitrary Code Execution Vulnerability
Description Adobe Media Encoder is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe...
Microsoft Windows CVE-2019-1423 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for...
Envoy CVE-2019-18836 Remote Denial of Service Vulnerability
Description Envoy is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial of service conditions. Technologies Affected Envoy Envoy 1.12.0 Istio Istio 1.3.0 Istio Istio 1.3.1 Istio Istio 1.3.2 Istio Istio 1.3.3 Recommendations Block external access ...
Cisco Aironet Access Points CVE-2019-15265 Denial of Service Vulnerability
Description Cisco Aironet Access Points are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn80147. Technologies Affected Cisco Aironet 1540 Series Access Points Cisco Aironet 15...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12704 Information Disclosure Vulnerability
Description Cisco SPA100 Series Analog Telephone Adapters are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvq50503. Technologies Affected...
ISC BIND CVE-2019-6476 Remote Denial of Service Vulnerability
Description ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ISC BIND 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 ISC Bind 9.14.1 ISC Bind 9.14.2 ISC...
Sonatype Nexus Repository Manager CVE-2019-15588 OS Command Injection Vulnerability
Description Sonatype Nexus Repository Manager is prone to an OS command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Versions prior to Nexus Repository Manager...
Oracle MySQL Server Cpuoct2019 Multiple Security Vulnerabilities
Description Oracle MySQL Server is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'MySQL Protocol' protocol. The 'Server: C API', 'Server: Optimizer', 'Server: Parser', 'InnoDB', 'Server: Security: Encryption', and 'Server: Connection' components are...
Adobe Acrobat and Reader CVE-2019-8226 Information Disclosure Vulnerability
Description Adobe Acrobat and Reader are prone to information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Adobe Acrobat DC 2015.006.30060 Adobe Acrobat DC 2015.006.30094 Adobe Acrobat D...
Oracle E-Business Suite CVE-2019-2994 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in the Oracle Marketing. This vulnerability can be exploited over the 'HTTP' protocol. The 'Marketing Administration' component is affected. This vulnerability affect the following supported versions: 12.1.1 through...
Oracle E-Business Suite CVE-2019-3024 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in Oracle Installed Base. The vulnerability can be exploited over the 'HTTP' protocol. The 'Engineering Change Order' component is affected. This vulnerability affects the following supported versions: 12.2.3 through...
Juniper Junos CVE-2019-0061 Local Privilege Escalation Vulnerability
Description Juniper Junos is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. The following versions of Juniper Junos are affected: Junper Junos 15.1X49 versions prior to 15.1X49-D171 and 15.1X49-D180 Junper Junos 15.1X53...
Juniper Junos CVE-2019-0066 Denial of Service Vulnerability
Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper Junos 15.1 Juniper Junos 15.1A2 Juniper Junos 15.1F1 Juniper Junos 15.1F2 Juniper Junos 15.1F2-S14 Juniper Junos...
Juniper Junos CVE-2019-0054 Certificate Validation Security Weakness
Description Juniper Junos is prone to a security weakness. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 are vulnerable...
SAP Financial Consolidation Multiple Unspecified Security Vulnerabilities
Description SAP Financial Consolidation is prone to multiple unspecified security vulnerabilities. Limited information is currently available regarding these issues. We will update this BID as more information emerges. SAP Financial Consolidation versions 10.0 and 10.1 are vulnerable. Technologie...
Microsoft Dynamics 365 CVE-2019-1375 Cross Site Scripting Vulnerability
Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Siemens SIMATIC IT UADM CVE-2019-13929 Hardcoded Cryptographic Key Vulnerability
Description Siemens SIMATIC IT UADM is prone to a hard-coded cryptographic key vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to SIMATIC IT UADM 1.3 are vulnerable. Technologies Affected Sieme...
Redhat OpenShift Container Platform CVE-2019-14854 Information Disclosure Vulnerability
Description Redhat OpenShift Container Platform is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to obtain sensitive information. This may lead to other attacks. OpenShift Container Platform 4.1 and 4.2 are vulnerable. Technologies Affected Redhat...
Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Cisco Prime Infrastructure CVE-2019-12712 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Multiple Cisco Products CVE-2019-15256 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a reload to the affected device; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvo11077. Technologies Affected Cisco Adaptive Securi...
Microsoft SharePoint CVE-2019-1257 Remote Code Execution Vulnerability
Description Microsoft SharePoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsof...
Microsoft Windows Remote Desktop Client CVE-2019-0788 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Windows GDI Component CVE-2019-1286 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
ISC Kea CVE-2019-6473 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
Information Disclosure Vulnerability in MC
SUMMARY The Symantec Management Center REST API is susceptible to an information disclosure vulnerability. A malicious authenticated user can obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. AFFECTED PRODUCTS Management Cent...
Microsoft Outlook CVE-2019-1199 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Office 2019...