6867 matches found
GoodTech FTP Server Denial of Service
Description GoodTech FTP Server is subject to a denial of service. If an attacker successfully makes an unusually large number of connections, the server will crash. Technologies Affected GoodTech FTP Server 95/98 3.0.1 GoodTech FTP Server NT/2000 3.0.1 GoodTech has addressed this issue in a new...
Oracle GraalVM Enterprise Edition CVE-2020-2581 Local Security Vulnerability
Description Oracle GraalVM Enterprise Edition is prone to a local security vulnerability. The 'LLVM Interpreter' component is affected. This vulnerability affects the following supported versions: 19.3.0.2 Technologies Affected Oracle GraalVM Enterprise Edition 19.3.0.2 Recommendations Block...
RedHat Ceph CVE-2019-19337 Remote Denial of Service Vulnerability
Description RedHat Ceph is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Technologies Affected Redhat Ceph Storage 3 Redhat Ceph Storage 3.3 Redhat Ceph Storage MON 3 Redhat Ceph Storage MON for Power 3 Redhat Ceph Stora...
Telos AMHS Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
Description Telos AMHS is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Equinox Control Expert CVE-2019-18234 SQL Injection Vulnerability
Description Equinox Control Expert is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Adobe Acrobat and Reader APSB19-55 Multiple Security Vulnerabilities
Description Adobe Acrobat and Reader are prone to multiple security vulnerabilities. Successfully exploiting these issues allow attackers to execute arbitrary code in the context of current user running the affected application and bypass security restrictions and perform unauthorized actions...
Siemens XHQ Operations Intelligence SSA-525454 Multiple Input Validation Vulnerabilities
Description Siemens XHQ Operations Intelligence is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, o...
Node.js 'lodahs' Package CVE-2019-19771 Unspecified Security Vulnerability
Description The 'lodahs' Package for Node.js is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Node.js lodahs version 1.0.0 is vulnerable Technologies Affected Node...
Microsoft Outlook for Android CVE-2019-1460 Spoofing Vulnerability
Description Microsoft Outlook for Android is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...
Critical System Protection Authentication Bypass
SUMMARY Symantec has released an update to address an issue that was discovered in the Critical System Protection CSP product. AFFECTED PRODUCTS Critical System Protection CSP --- CVE | Affected Versions | Remediation CVE-2019-18374 | 8.0, 8.0 HF1 & 8.0 MP1 | Upgrade to 8.0 MP1 HF1 ISSUES...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
SAP Quality Management CVE-2019-0393 Unspecified SQL Injection Vulnerability
Description SAP Quality Management is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...
Broadcom Brocade SANnav CVE-2019-16207 Hardcoded Credentials Vulnerability
Description Broadcom Brocade SANnav is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies Affected Broadcom...
IBM Cloud Orchestrator CVE-2019-4396 CRLF Injection Vulnerability
Description IBM Cloud Orchestrator is prone to a CRLF-injection vulnerability. An attacker can exploit this issue to add arbitrary headers to a webpage. This may aid in further attacks. The following versions are vulnerable: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5,...
IBM Security Guardium Big Data Intelligence CVE-2019-4339 Information Disclosure Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected IBM Security Guardium Big Data Intelligence 4.0 Recommendations Bloc...
IBM Security Guardium Big Data Intelligence CVE-2019-4309 Hardcoded Credentials Vulnerability
Description IBM Security Guardium Big Data Intelligence is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Security Guardium Big Data Intelligence 4.0 is vulnerable...
GNU Guix CVE-2019-18192 Local Privilege Escalation Vulnerability
Description GNU Guix is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. GNU Guix version 1.0.1 is vulnerable; other versions may also be affected. Technologies Affected GNU Guix...
Cisco Firepower Management Center CVE-2019-15280 HTML Injection Vulnerability
Description Cisco Firepower Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attack...
Cisco TelePresence CE Software CVE-2019-15274 Local Command Injection Vulnerability
Description Cisco TelePresence CE Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands. This issue being tracked by Cisco Bug IDs CSCvq29893. Technologies Affected Cisco TelePresence CE Software 8.0.0 Cisco...
Oracle Database Server Multiple Remote Security Vulnerabilities
Description Oracle Database Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'OracleNet' protocol. These vulnerabilities affects the following supported versions: 12.2.0.1, 18c and 19c Technologies Affected Oracle Database Server 12.2.0....
Oracle PeopleSoft Enterprise SCM eProcurement CVE-2019-3001 Remote Security Vulnerability
Description Oracle PeopleSoft Enterprise SCM eProcurement is prone to a remote security vulnerability. These vulnerabilities can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 9.2 Technologies Affected Oracle PeopleSoft Enterprise SCM...
Oracle Hospitality Cruise Dining Room Management CVE-2019-2953 Remote Security Vulnerability
Description Oracle Hospitality Cruise Dining Room Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 8.0.80 Technologies Affected Oracle Hospitality Cruise Dining Room...
Adobe Acrobat and Reader CVE-2019-8160 Cross Site Scripting Vulnerability
Description Adobe Acrobat and Reader are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...
Juniper Junos CVE-2019-0071 Local Security Bypass Vulnerability
Description Juniper Junos is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Junos OS versions 18.1R3-S4 and 18.3R1-S3 for EX2300, EX2300-C and EX3400 platforms are vulnerable. Technologies...
HP Access Control CVE-2019-6330 Unspecified Privilege Escalation Vulnerability
Description HP Access Control is prone to an unspecified privilege-escalation vulnerability. Attackers can leverage this issue to gain elevated privileges. Successful exploits may compromise affected computers. Note: Technical details are currently unavailable. We will update this BID as soon as...
Cisco Firepower System Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower System Software is prone to multiple security-bypass vulnerabilities. Remote attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvo70545...
Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
Description Cisco Unified Contact Center Express is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a...
CA Network Flow Analysis CVE-2019-13658 Default Credentials Security Bypass Vulnerability
Description CA Network Flow Analysis is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and execute arbitrary command. The following versions are vulnerable: CA Network Flow Analysis 10.0.xCA Network Flow Analysis 9.x Technologie...
F5 BIG-IQ Centralized Management CVE-2019-6653 HTML Injection Vulnerability
Description F5 BIG-IQ Centralized Management is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal...
Adobe Flash Player CVE-2019-8075 Security Bypass Vulnerability
Description Adobe Flash Player is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions to obtain sensitive information; this may aid in launching further attacks. Technologies Affected Adobe Adobe Flash Player 11 11.7 Adobe Adobe Flash Player...
Microsoft Windows JET Database Engine CVE-2019-1247 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Edge Scripting Engine CVE-2019-1299 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Edge Recommendations Run all software as a nonprivileged user with minimal acce...
Microsoft Edge Chakra Scripting Engine CVE-2019-1195 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Edge Chakra Scripting Engine CVE-2019-1196 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows Hyper-V CVE-2019-0717 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows ...
Microsoft Windows File Signature CVE-2019-1163 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows DHCP Server CVE-2019-1213 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code on the DHCP server. Technologies Affected Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2...
Microsoft Windows Kernel CVE-2019-1190 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based...
Microsoft Windows MS XML CVE-2019-1057 Remote Memory Corruption Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft...
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
Description SAP ERP HCM Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP ERP HCM 3.0 Recommendations Block external access at the netwo...
Symantec Messaging Gateway Information Disclosure
SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway SMG product. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2019-9699 | Prior to 10.7.0 | Upgrade to 10.7.0 ISSUES CVE-2019-9699 ---...
Microsoft Windows CVE-2019-0840 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10...
Microsoft Office Access Connectivity Engine CVE-2019-0824 Remote Code Execution Vulnerability
Description Microsoft Office Access Connectivity Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office...
Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability
Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft ChakraCore Microsoft Edge Recommendations Block external access at the network boundary, unless external parties...
Microsoft Edge CVE-2019-0645 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Edge Recommendations...
Oracle Enterprise Manager Ops Center CVE-2016-4000 Remote Security Vulnerability
Description Oracle Enterprise Manager Ops Center is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Networking Jython' component is affected. This vulnerability affects the following supported versions: 12.2.2, 12.3.3 Technologies Affect...
Microsoft ChakraCore Scripting Engine CVE-2018-8391 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore Scripting Engine is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Microsoft Windows Kernel CVE-2018-8446 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Kernel CVE-2018-8442 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Hyper-V CVE-2018-8434 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...