6867 matches found
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
Description Yahoo! Messenger Webcam Viewer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications th...
Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability
Description Microsoft Office Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a maliciously crafted Publisher file. Successful exploits may allow attackers to execute arbitrary code with privileges of the us...
Microsoft PowerPoint Object Pointer Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...
Apple Mac OS X Archive Metadata Command Execution Vulnerability
Description Apple Mac OS X is prone to an arbitrary command-execution vulnerability when processing metadata in archive files. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this...
Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability
Description A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself the affected application attempts to process certain script objects, a race condition may lead to the...
Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
Description Various Microsoft Windows operating systems are prone to a remotely exploitable stack-based buffer overrun via the PCT Private Communications Transport protocol. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system,...
Microsoft FrontPage Server Extensions SmartHTML Interpreter Denial Of Service Vulnerability
Description A denial of service vulnerability has been reported in the SmartHTML interpreter component of FrontPage Server Extensions that may be exploited by remote attackers. This issue could be exploited to deny availability of CPU resources on the system, potentially causing a denial of servi...
Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
Description It has been reported that a variant attack in the RPCSS service of Microsoft Windows exists. Because of this, it may be possible for an attacker to mount denial of service attacks and execute arbitrary code on the affected system. The source of the issue is reportedly a multi-thread...
InterSystems Cache Insecure Default Permissions Vulnerability
Description It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities for local attackers to obtain root...
Multiple Sun Database Functions Buffer Overflow Vulnerabilities
Description Sun dbmopen, ndbm, dbm and dbminit library functions have been reported prone to buffer overflow vulnerabilities. Each of these issues likely present themselves due to a lack of sufficient bounds checking performed when copying externally supplied data into an internal memory buffer...
GoodTech FTP Server Denial of Service
Description GoodTech FTP Server is subject to a denial of service. If an attacker successfully makes an unusually large number of connections, the server will crash. Technologies Affected GoodTech FTP Server 95/98 3.0.1 GoodTech FTP Server NT/2000 3.0.1 GoodTech has addressed this issue in a new...
Oracle GraalVM Enterprise Edition CVE-2020-2581 Local Security Vulnerability
Description Oracle GraalVM Enterprise Edition is prone to a local security vulnerability. The 'LLVM Interpreter' component is affected. This vulnerability affects the following supported versions: 19.3.0.2 Technologies Affected Oracle GraalVM Enterprise Edition 19.3.0.2 Recommendations Block...
Microsoft Windows Subsystem for Linux CVE-2020-0636 Local Privilege Escalation Vulnerability
Description Microsoft Windows Subsystem for Linux is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based...
Cisco UCS Director CVE-2019-16003 Information Disclosure Vulnerability
Description Cisco UCS Director is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvr00602. Technologies Affected Cisco UCS Director 4.0.0.0 Cisco UC...
RedHat Ceph CVE-2019-19337 Remote Denial of Service Vulnerability
Description RedHat Ceph is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Technologies Affected Redhat Ceph Storage 3 Redhat Ceph Storage 3.3 Redhat Ceph Storage MON 3 Redhat Ceph Storage MON for Power 3 Redhat Ceph Stora...
Telos AMHS Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
Description Telos AMHS is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Equinox Control Expert CVE-2019-18234 SQL Injection Vulnerability
Description Equinox Control Expert is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Drupal Modal Page Module SA-CONTRIB-2019-094 Unauthorized Access Vulnerability
Description The modal page module for Drupal is prone to an unauthorized-access vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Drupal Modal Page versions 8.x-2.4, 8.x-2.3,...
Libsixel CVE-2019-20022 Denial of Service Vulnerability
Description Libsixel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application; denying service to legitimate users. Libsixel versions prior to 1.8.3 are vulnerable. Technologies Affected Libsixel Libsixel 1.0.0 Libsixel Libsixel 1.1.0 Libsixel...
Adobe Acrobat and Reader APSB19-55 Multiple Security Vulnerabilities
Description Adobe Acrobat and Reader are prone to multiple security vulnerabilities. Successfully exploiting these issues allow attackers to execute arbitrary code in the context of current user running the affected application and bypass security restrictions and perform unauthorized actions...
Microsoft Windows OLE CVE-2019-1484 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Siemens XHQ Operations Intelligence SSA-525454 Multiple Input Validation Vulnerabilities
Description Siemens XHQ Operations Intelligence is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, o...
Node.js 'lodahs' Package CVE-2019-19771 Unspecified Security Vulnerability
Description The 'lodahs' Package for Node.js is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Node.js lodahs version 1.0.0 is vulnerable Technologies Affected Node...
Cisco SD-WAN Solution CVE-2019-16002 Cross Site Request Forgery Vulnerability
Description Cisco SD-WAN Solution is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bu...
Microsoft Outlook for Android CVE-2019-1460 Spoofing Vulnerability
Description Microsoft Outlook for Android is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
SAP Quality Management CVE-2019-0393 Unspecified SQL Injection Vulnerability
Description SAP Quality Management is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...
Microsoft Windows Win32k CVE-2019-1395 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Adobe Illustrator CVE-2019-7962 DLL Loading Privilege Escalation Vulnerability
Description Adobe Illustrator is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Adobe Illustrator CC version 23.1 and prior are vulnerable. Technologies Affected Adobe Illustrator CC 19 Adobe Illustrator CC 21 Adobe Illustrator CC 22...
FriBidi CVE-2019-18397 Stack Buffer Overflow Vulnerability
...
Google Android Library CVE-2019-2201 Remote Code Execution Vulnerability
Description Google Android is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This issue is being tracked by Android bug ID A-120551338. Technologies Affected Google Android 10.0 Google Androi...
Trend Micro Apex One CVE-2019-18188 Command Injection Vulnerability
Description Trend Micro Apex One is prone to a command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will...
IBM Cloud Orchestrator CVE-2019-4397 Information Disclosure Vulnerability
Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are affected: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4...
IBM Security Guardium Big Data Intelligence CVE-2019-4339 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Security Guardium Big Data Intelligence 4.0 Recommendations Bloc...
Multiple IBM Products CVE-2019-4546 Unauthorized Access Vulnerability
Description Multiple IBM Products are prone to an unauthorized-access vulnerability Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Technologies Affected IBM Maximo Asset Management IBM Maximo Health Safety and...
GNU Guix CVE-2019-18192 Local Privilege Escalation Vulnerability
Description GNU Guix is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. GNU Guix version 1.0.1 is vulnerable; other versions may also be affected. Technologies Affected GNU Guix...
Cisco TelePresence CE Software CVE-2019-15274 Local Command Injection Vulnerability
Description Cisco TelePresence CE Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands. This issue being tracked by Cisco Bug IDs CSCvq29893. Technologies Affected Cisco TelePresence CE Software 8.0.0 Cisco...
Oracle Database Server Multiple Remote Security Vulnerabilities
Description Oracle Database Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'OracleNet' protocol. These vulnerabilities affects the following supported versions: 12.2.0.1, 18c and 19c Technologies Affected Oracle Database Server 12.2.0....
Oracle PeopleSoft Enterprise SCM eProcurement CVE-2019-3001 Remote Security Vulnerability
Description Oracle PeopleSoft Enterprise SCM eProcurement is prone to a remote security vulnerability. These vulnerabilities can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 9.2 Technologies Affected Oracle PeopleSoft Enterprise SCM...
Oracle Hospitality Cruise Dining Room Management CVE-2019-2953 Remote Security Vulnerability
Description Oracle Hospitality Cruise Dining Room Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 8.0.80 Technologies Affected Oracle Hospitality Cruise Dining Room...
Adobe Acrobat and Reader CVE-2019-8166 Arbitrary Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of current user running the affected application. Failed exploits will result in denial-of-service conditions...
PHP 'Closure::bindTo' Memory Corruption Vulnerability
Description PHP is prone to a a memory-corruption vulnerability. Successful exploits may allow the attacker to cause denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PHP 7.3.11 PHP PHP 7.3.2 PHP PHP 7.3.3...
Juniper Junos CVE-2019-0071 Local Security Bypass Vulnerability
Description Juniper Junos is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Junos OS versions 18.1R3-S4 and 18.3R1-S3 for EX2300, EX2300-C and EX3400 platforms are vulnerable. Technologies...
HP Access Control CVE-2019-6330 Unspecified Privilege Escalation Vulnerability
Description HP Access Control is prone to an unspecified privilege-escalation vulnerability. Attackers can leverage this issue to gain elevated privileges. Successful exploits may compromise affected computers. Note: Technical details are currently unavailable. We will update this BID as soon as...
Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
Description Cisco Unified Contact Center Express is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a...
Palo Alto Networks Zingbox Inspector CVE-2019-15017 Security Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a security vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected...
F5 BIG-IQ Centralized Management CVE-2019-6653 HTML Injection Vulnerability
Description F5 BIG-IQ Centralized Management is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal...
Adobe Flash Player CVE-2019-8075 Security Bypass Vulnerability
Description Adobe Flash Player is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions to obtain sensitive information; this may aid in launching further attacks. Technologies Affected Adobe Adobe Flash Player 11 11.7 Adobe Adobe Flash Player...
Microsoft Windows Hyper-V CVE-2019-0928 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Microsoft Windows ALPC CVE-2019-1269 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code in the security context of the local system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...