6867 matches found
Microsoft Windows GDI Component CVE-2019-1047 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...
Microsoft Edge CVE-2019-1054 Security Bypass Vulnerability
Description Microsoft Edge is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Edge Recommendations Run all...
OpenSSH CVE-2019-6109 Man in the Middle Security Bypass Vulnerability
Description OpenSSH is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSH 7.9 version is...
Multiple Microsoft Products CVE-2013-3906 Remote Code Execution Vulnerability
Description Multiple Microsoft products including Microsoft Windows, Microsoft Office, and Microsoft Lync are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which may lead to a complete...
Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Limited information is known about this issue. We will...
Microsoft Windows GDI Component CVE-2019-1016 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...
Microsoft Edge Chakra Scripting Engine CVE-2019-0992 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows File Manager CVE-2016-7212 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10...
Microsoft Office CVE-2015-2424 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Active Directory CVE-2014-1812 Privilege Escalation Vulnerability
Description Microsoft Active Directory is prone to a privilege-escalation vulnerability. An authenticated attacker can exploit this issue to gain access to services with escalated privileges. Technologies Affected Avaya Aura Conferencing 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura...
Symantec IM Manager Local-Access Cross-site Scripting
SUMMARY Symantecs IM Manager management console is susceptible to a cross-site scripting issue. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec IM Manager | 8.3 and 8.4 | Upgrade to 8.4.13 Note: Customers running 8.3 versions of Symantec IM Manager should upgrade to the lates...
Microsoft Windows JET Database Engine CVE-2019-0904 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Remote Desktop Web Access CVE-2020-0637 Information Disclosure Vulnerability
Description Microsoft Windows Remote Desktop Web Access is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows Server 2008 R2 for x64-based Systems SP1...
Microsoft Windows JET Database Engine CVE-2019-1246 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit editi...
Microsoft Exchange Server CVE-2019-1136 Remote Privilege Escalation Vulnerability
Description Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016...
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...
Adobe Acrobat and Reader APSB16-26 Multiple Unspecified Memory Corruption Vulnerabilities
Description Adobe Acrobat and Reader are prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Technologies Affected Adobe Acrobat...
Microsoft Windows Bluetooth CVE-2019-9506 Remote Security Vulnerability
Description Microsoft Windows Bluetooth is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Cisco 8821 Wireless IP Phones Cisco 8845 IP Phones Cisc...
Microsoft Windows Hyper-V CVE-2019-0713 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows Uniscribe CVE-2017-0283 Remote Code Execution Vulnerability
Description Microsoft Windows Uniscribe is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Live...
Microsoft Internet Explorer CVE-2016-0189 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-i...
Samba CVE-2019-14833 Remote Security Bypass Vulnerability
Description Samba is prone to a security-bypass vulnerability. Successful exploit may allow attackers to bypass certain security restrictions and gain unauthorized access to resources. Samba versions 4.5.0 and later are vulnerable. Technologies Affected Samba Samba 4.10.1 Samba Samba 4.10.2 Samba...
Libexpat Expat CVE-2019-15903 Heap Buffer Overflow Vulnerability
Description Libexpat Expat is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Libexpat Expat versions prior to 2.2.8 are vulnerable. Technologies Affected Libexpat Expat 1.95.1 Libexpat Expat 1.95.2 Libexpat Expat 1.95...
Microsoft Windows SMB Server CVE-2017-0278 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Office CVE-2015-1641 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...
Linux Kernel CVE-2019-18660 Side Channel Attack Information Disclosure Vulnerability
Description Linux kernel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Linux kernel versions through 5.3.13 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0....
Symantec Endpoint Protection CVE-2019-12758 Local Code Execution Vulnerability
Description Symantec Endpoint Protection is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions. Symantec Endpoint Protection versions pri...
Oracle Database Server CVE-2019-2909 Remote Security Vulnerability
Description Oracle Database Server is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. The 'Java VM' component is affected. This vulnerability affects the following supported versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Technologies...
Microsoft .NET Framework CVE-2019-1142 Local Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to perform unauthorized actions with elevated privileges. Technologies Affected Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework...
Python CVE-2019-16056 Security Bypass Vulnerability
Description Python is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Python versions through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4 are...
Apple iTunes and macOS CVE-2019-8801 DLL Loading Arbitrary Code Execution Vulnerability
Description Apple iTunes and macOS are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. Technologies Affected Apple...
Microsoft Internet Explorer CVE-2017-11810 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are...
Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version
SUMMARY Symantec Messaging Gateway SMG Appliance 10.6.x management console was susceptible to potential unauthorized loss of privileged information due to an inadvertent static link of an updated component library to a version of SSL susceptible to the Heartbleed vulnerability CVE-2014-0160...
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
Description libjpeg and libjpeg-turbo libraries are prone to a memory-corruption vulnerability. Attackers can exploit this issue to bypass Address Space Layout Randomization ASLR protection mechanisms of applications. This may aid in further attacks that may lead to arbitrary code execution...
Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
Description Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files. Attackers can exploit this issue to cause an affected computer to stop responding or to restart...
Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607...
Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Dnsmasq CVE-2019-14834 Remote Denial of Service Vulnerability
Description Dnsmasq is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Dnsmasq versions 2.90 and prior are vulnerable. Technologies Affected Dnsmasq Dnsmasq 2.0.0 Dnsmasq Dnsmasq 2.1...
Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
Linux Kernel CVE-2019-19338 Incomplete Fix Information Disclosure Vulnerability
Description Linux Kernel is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11 Linux kerne...
Microsoft Windows CloudStore CVE-2019-1321 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft...
Norton Power Eraser CVE-2019-19548 Local Privilege Escalation Vulnerability
Description Norton Power Eraser is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Versions prior to Norton Power Eraser Prior to 5.3.0.67 are vulnerable. Technologies Affected Symantec Norton Power Eraser NPE 2.0.0.52...
Apple macOS/iCloud for Windows/iTunes CVE-2019-8745 Buffer Overflow Vulnerability
Description Apple macOS/iCloud for Windows/iTunes are prone to a buffer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue has been fixed in:...
Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
SUMMARY Symantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker can obtain sensitive information, bypass intended security restrictions, modify session information in CGI applications, replay authenticate...
Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability
Description Ruby OpenSSL is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Technologies Affected Oracle Communications Interactive Session Recorder 6.0 Oracle...
Redis CVE-2018-11218 Remote Stack Based Buffer Overflow Vulnerability
Description Redis is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the affected application. Failed exploit...
Cisco Wireless LAN Controller CVE-2019-15262 Denial of Service Vulnerability
Description Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to exhaust resources, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvp34148. Technologies Affected Cisco Wireless Lan Controller...
Microsoft Windows Remote Desktop Client CVE-2019-1333 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Office SharePoint CVE-2019-1070 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft Edge Scripting Engine CVE-2019-1023 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Edge Recommendations Run all software as a nonprivileged user with minimal acce...