6867 matches found
Sun Java SE November 2009 Multiple Security Vulnerabilities
Description Sun has released updates to address multiple security vulnerabilities in Java SE. Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges, execute arbitrary code, and cause denial-of-service conditions. Other...
Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. The vulnerability is caused by an integer-underflow issue. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will...
Microsoft PowerPoint Sound Data (CVE-2009-0225) Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious PowerPoint 95 file. Successfully exploiting this issue can allow the attacker to execute arbitrary code in the context of the currently...
Symantec Device Driver Local Elevation of Privilege
SUMMARY A Gear Software device driver distributed with several Symantec products contains a flaw which, if successfully exploited, could allow a local elevation of privilege. Risk Impact Medium Remote Access adjacent network | No ---|--- Local Access | Yes Authentication Required | Yes Exploit...
JustSystem Ichitaro Unspecified Code Execution Vulnerability
Description Ichitaro is prone to an unspecified remotely exploitable code-execution vulnerability. Remote attackers may exploit this issue to execute arbitrary code within the context of the currently logged in user. This issue is being exploited in the wild by Trojan.Tarodrop.D. Few details are...
Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in a complete compromise of vulnerable computers. Note that this issue affects only...
Symantec UPX Parsing Engine Heap Overflow
SUMMARY Symantec resolved a potential remote access compromise vulnerability reported by ISS X-Force. The vulnerability was identified in an early version of a Symantec antivirus scanning module responsible for parsing UPX compressed files that is still in limited use in some Symantec security...
Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability. This issue presents itself due to insufficient boundary checks performed by the application and results in arbitrary code execution or a denial of service. This issue does not affect the following...
Atrium Software Mercur Mailserver POP3 AUTH Remote Buffer Overflow Vulnerability
Description A problem has been reported in MERCUR Mailserver when handling the POP3 AUTH command. This problem may make it possible for an attacker crash the service on a vulnerable system, or gain unauthorized access. Technologies Affected Atrium Software MERCUR Mailserver 3.3.0 Atrium Software...
Lotus Notes Client R5 File Existence Verification Vulnerability
Description Lotus Notes Client R5 is a messaging and collaboration tool that contains a built in web browser. The web browser implements a Java Virtual Machine VM designed specifically for Lotus Notes. A security vulnerability exists in the Execution Control List ECL feature within the Java VM th...
Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability
Description If NWLink which enables Microsoft Windows to interoperate with Novell stations is enabled on a Windows 9x or ME system, it is possible to create broadcast storms which could severely impede upon network operations or cause certain targeted machines to fail. IPX/SPX Internetworked Pack...
Oracle VM Server for SPARC CVE-2020-2571 Local Security Vulnerability
Description Oracle VM Server for SPARC is prone to a local security vulnerability. The 'Templates' component is affected. This vulnerability affects the following supported versions: Oracle VM Server for SPARC 3.6 Technologies Affected Oracle VM Server for SPARC 3.6 Recommendations Permit local...
Symantec Endpoint Detection and Response CVE-2019-19547 Cross Site Scripting Vulnerability
Description Symantec Endpoint Detection and Response is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
Cisco Vision Dynamic Signage Director CVE-2019-16004 Authentication Bypass Vulnerability
Description Cisco Vision Dynamic Signage Director is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. This issue is being tracke...
GitLab CVE-2019-15584 Denial of Service Vulnerability
Description GitLab is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. GitLab versions prior to 12.3.2, 12.2.6, and 12.1.10 are vulnerable. Technologies Affected Gitlab GitLab Community Edition 10.2 Gitlab GitLab Community Edition...
Atlassian Application Links CVE-2019-15011 Information Disclosure Vulnerability
Description Atlassian Application Links is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. The following versions of Atlassian Application Links are affected: Versions prior to 5.0.12 Versions...
Xen CVE-2019-19583 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Xen Xen version through 4.12.0 are vulnerable. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer...
Lenovo Power Management Driver CVE-2019-6192 Local Buffer Overflow Vulnerability
Description Lenovo Power Management Driver is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to cause denial of service conditions. Due to the natur...
Microsoft Defender CVE-2019-1488 Security Bypass Vulnerability
Description Microsoft Defender is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
VMware Harbor Container Registry for PCF Multiple Security Vulnerabilities
Description VMware Harbor Container Registry for PCF is prone to the following security vulnerabilities. 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A privilege-escalation vulnerability 4. A user-enumeration vulnerability Exploiting this issue...
Linux Kernel CVE-2019-19079 Memory Leak Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Successful exploitation of this issue will cause excessive memory consumption, resulting in a denial-of-service condition. Linux kernel versions prior to 5.3 are vulnerable. Technologies Affected Linux kernel 2.6.0 Linux kern...
TIBCO EBX Add-on CVE-2019-17332 Cross Site Scripting Vulnerability
Description TIBCO EBX Add-on is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let t...
McAfee Data Loss Prevention CVE-2019-3640 Information Disclosure Vulnerability
Description McAfee Data Loss Prevention is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information by sniffing the traffic through a man-in-the-middle attack. Successful exploits will lead to other attacks. McAfee Data Loss...
Microsoft Windows Data Sharing Service CVE-2019-1383 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windo...
Microsoft Windows CVE-2019-1384 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Windows 10 Version 1607 for...
Microsoft Windows Remote Procedure Call CVE-2019-1409 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...
Microsoft Windows Installer CVE-2019-1415 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Multiple Cisco Products CVE-2019-15289 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvq12177, CSCvq29889 and CSCvq65302. Technologies Affected Cisco RoomOS Software Cisco...
Linux Kernel Multiple Security Vulnerabilities
Description Linux Kernel is prone to the following security vulnerabilities: 1. A security-bypass vulnerability 2. A local privilege-escalation vulnerability An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or gain elevated privileges...
Multiple F5 BIG-IP Products CVE-2019-6657 Cross Site Scripting Vulnerability
Description Multiple F5 BIG-IP Products are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Apple macOS/watchOS/iCloud for Windows CVE-2019-8750 Memory Corruption Vulnerability
Description Apple macOS, watchOS and iCloud for Windows are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Wat...
Apple tvOS/iOS/iPadOS CVE-2019-8795 Memory Corruption Vulnerability
Description Apple iOS, iPad and tvOS are prone to a memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple Ipad Mini- Apple TV App...
Multiple IBM Products CVE-2019-4459 Cross Site Scripting Vulnerability
Description Multiple IBM Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Oracle Solaris Cpuoct2019 Multiple Local Security Vulnerabilities
Description Oracle Solaris is prone to multiple local security vulnerabilities. These vulnerabilities affect the following supported versions: 11 Technologies Affected Oracle Solaris 11 Recommendations Permit local access for trusted individuals only. Where possible, use restricted environments a...
Microsoft Windows Kernel CVE-2019-1334 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows CVE-2019-1343 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Siemens SIMATIC WinAC RTX (F) 2010 CVE-2019-13921 Denial of Service Vulnerability
Description Siemens SIMATIC WinAC RTX F 2010 is prone to denial of service vulnerability Remote attackers may exploit this issue to cause denial-of-service conditions. Technologies Affected Siemens SIMATIC WinAC RTX F 2010 Recommendations Run all software as a nonprivileged user with minimal acce...
Microsoft Edge Chakra Scripting Engine CVE-2019-1366 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows Update Assistant CVE-2019-1378 Local Privilege Escalation Vulnerability
Description Microsoft Windows Update Assistant is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows Update Assistant Recommendations Permit local access for trusted individuals...
Microsoft SQL Server Management Studio CVE-2019-1376 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 18.3.1 Recommendations Block...
Multiple Cisco Products CVE-2019-12695 Cross Site Scripting Vulnerability
Description Multiple Cisco Products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This...
Cisco Unified CM CVE-2019-12711 XML Entity Expansion Multiple Security Vulnerabilities
Description Cisco Unified Communications Manager is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain access to sensitive information or cause denial-of-service conditions. These issues are being tracked by Cisco Bug ID CSCvp46079. Technologies Affected Cisc...
WhatsApp CVE-2019-11927 Integer Overflow Vulnerability
Description WhatsApp is prone to an integer overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. Technologies Affected WhatsApp Inc. WhatsApp...
Apple iOS and iPadOS CVE-2019-8775 Local Security Bypass Vulnerability
Description Apple iOS and iPadOS are prone to a local security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This issue is fixed in Apple iPadOS 13.1 and iOS 13.1. Technologies Affected Apple Watch Apple Watch OS 1.0 Apple...
Multiple SAP Products CVE-2019-0365 Unspecified Denial of Service Vulnerability
Description Multiple SAP Products are prone to an unspecified denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. SAP Kernel KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,...
Microsoft Exchange CVE-2019-1233 Remote Denial of Service Vulnerability
Description Microsoft Exchange is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Exchange Server 2016 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 13 Microsoft...
Microsoft Windows Hyper-V CVE-2019-1254 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10...
Microsoft Windows JET Database Engine CVE-2019-1249 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows GDI CVE-2019-1252 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Google Chrome CVE-2019-13692 Security Bypass Vulnerability
Description Google Chrome is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Versions prior to Chrome 77.0.3865.75 are vulnerable. Technologies Affected Google...