Microsoft Windows JET Database Engine CVE-2019-1246 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit editi...
Microsoft Windows Text Service Framework CVE-2019-1235 Local Privilege Escalation Vulnerability
Description Microsoft Windows Text Service Framework is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks may cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Windows GDI Component CVE-2019-1286 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows Remote Desktop Client CVE-2019-0788 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Windows Remote Desktop Client CVE-2019-0787 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Windows JET Database Engine CVE-2019-1243 Remote Code Execution Vulnerability
Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows DirectWrite CVE-2019-1244 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 fo...
Multiple SAP Products CVE-2019-0365 Unspecified Denial of Service Vulnerability
Description Multiple SAP Products are prone to an unspecified denial-of-service vulnerability. Successful exploits may allow an attacker to cause denial-of-service conditions. SAP Kernel KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,...
IBM Security Access Manager CVE-2019-4036 Remote Denial of Service Vulnerability
Description IBM Security Access Manager is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected IBM Security Access Manager Recommendations Block external access at the network boundary, unless external...
OpenSSL CVE-2019-1549 Security Vulnerability
Description OpenSSL is prone to a security vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. OpenSSL versions 1.1.1 through 1.1.1c are vulnerable. Technologies Affected IBM Cloud Private 3.2.0 CD IBM Cloud Private 3.2.1 CD...
IBM WebSphere Application Server CVE-2019-4442 Directory Traversal Vulnerability
Description IBM WebSphere Application Server is prone to a directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters '../' to access and write arbitrary files or to execute arbitrary files. IBM WebSphere Application Server version 9.0, 8.5, 8.0 and...
Python CVE-2019-16056 Security Bypass Vulnerability
Description Python is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Python versions through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4 are...
OpenSSL Vulnerabilities Oct 2018 - Jul 2019
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL...
Linux Kernel Vulnerabilities May-June 2019
SUMMARY Symantec Network Protection products using affected versions of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker can cause denial of service through resource exhaustion and memory corruption. A local attacker can escalate their privileges on the system...
lodash CVE-2019-1010266 Denial of Service Vulnerability
Description lodash is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. lodash versions prior to 4.17.11 are vulnerable. Technologies Affected Cisco Application Policy Infrastructure Controller APIC IBM Cloud Private 3.2.0 CD IBM...
Libexpat Expat CVE-2019-15903 Heap Buffer Overflow Vulnerability
Description Libexpat Expat is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Libexpat Expat versions prior to 2.2.8 are vulnerable. Technologies Affected Libexpat Expat 1.95.1 Libexpat Expat 1.95.2 Libexpat Expat 1.95...
Xpdf CVE-2019-16115 Buffer Underflow Vulnerability
Description Xpdf is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this ha...
Multiple Honeywell Products CVE-2019-18230 Unauthorized Access Vulnerability
Description Multiple Honeywell Products are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Technologies Affected Honeywell H2W2GR1 Honeywell H3W2GR1 Honeywell H3W2GR1V...
Samba CVE-2019-10197 Privilege Escalation Vulnerability
Description Samba is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. This issue has been fixed in Samba 4.9.13, 4.10.8 and 4.11.0rc3. Technologies Affected IBM Watson Studio Local 1.2.3 Redhat Enterprise Linux 7 Redhat Enterprise Linu...
Docker CVE-2019-14271 Arbitrary Code Execution Vulnerability
Description Docker is prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Technologies Affected Docker Docker 19.03.0 Docker Docker EE 17.06.2-ee-10 Docker Docker EE...
Exim CVE-2019-15846 Arbitrary Code Execution Vulnerability
Description Exim is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with root privileges. Exim versions 4.8 through 4.92.1 are vulnerable. Technologies Affected Exim Exim 4.80 Exim Exim 4.80.1 Exim Exim 4.82 Exim Exim 4.82.1 Exim Ex...
curl/libcURL CVE-2019-5482 Heap Buffer Overflow Vulnerability
Description curl/libcURL is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. libcurl versions 7.19.4 through 7.65.3...
MongoDB Server CVE-2019-2390 Remote Code Execution Vulnerability
Description MongoDB Server is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected IBM...
GitLab Omnibus CVE-2019-15741 Privilege Escalation Vulnerability
Description GitLab Omnibus is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges. Versions prior to GitLab 12.2.3, 12.1.8, and 12.0.8 are vulnerable. Technologies Affected Gitlab GitLab 7.4 Gitlab GitLab 7.4.2 Gitlab GitLab...
ISC Kea CVE-2019-6472 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
ISC Kea CVE-2019-6473 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
Dell EMC Enterprise Copy Data Management Certificate Validation Security Bypass Vulnerability
Description Dell EMC Enterprise Copy Data Management is prone to a security-bypass vulnerability because the application fails to properly validate certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid...
ISC Kea CVE-2019-6474 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
Information Disclosure Vulnerability in MC
SUMMARY The Symantec Management Center REST API is susceptible to an information disclosure vulnerability. A malicious authenticated user can obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. AFFECTED PRODUCTS Management Cent...
XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
SUMMARY The Symantec ASG and ProxySG FTP proxy WebFTP mode is susceptible to XSS and information disclosure vulnerabilities. A remote attacker can inject malicious JavaScript code in the web listing of a remote FTP server and obtain authentication credentials for a remote FTP server. AFFECTED...
Information Disclosure Vulnerability in Reporter
SUMMARY The Symantec Reporter web UI is susceptible to an information disclosure vulnerability. A malicious authenticated Reporter administrator user can obtain passwords for external servers that they might not otherwise be authorized to access. The malicious user can also obtain the passwords o...
file CVE-2019-18218 Heap Based Buffer Overflow Vulnerability
Description file is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. file versions 5.37 and prior are...
MicroPyramid Django CRM CVE-2019-11457 Multiple Cross Site Request Forgery Vulnerabilities
Description MicroPyramid Django CRM is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. MicroPyramid Django CRM version 0.2.1 is vulnerable...
Redhat 3scale API Management CVE-2019-14849 Information Disclosure Vulnerability
Description Redhat 3scale API Management is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Redhat 3scale API Management versions 2.6 and prior are vulnerable. Technologies Affected Redhat...
Google Android Media Framework Component Multiple Security Vulnerabilities
Description Google Android is prone to the following security vulnerabilities: 1. Multiple remote code-execution vulnerabilities 2. Multiple privilege-escalation vulnerabilities 3. Multiple information-disclosure vulnerabilities 4. Multiple denial-of-service vulnerabilities An attacker can...
Google Android Library Components Multiple Local Privilege Escalation Vulnerabilities
Description Google Android is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain elevated privileges. These issues are being tracked by Android Bug IDs A-110986616 and A-79593569. Technologies Affected Google Android 1.5 Google Android 1.6...
Google Android Runtime Components Multiple Local Privilege Escalation Vulnerabilities
Description Google Android is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain elevated privileges. These issues are being tracked by Android Bug IDs A-113039724 and A-110035108. Technologies Affected Google Android 1.5 Google Android 1.6...
Google Android System Component Multiple Security Vulnerabilities
Description Google Android is prone to the following security vulnerabilities: 1. Multiple remote code-execution vulnerabilities. 2. Multiple remote privilege-escalation vulnerabilities. 3. Multiple information-disclosure vulnerabilities. 4. Multiple denial-of-service vulnerabilities. An attacker...
Artifex Ghostscript CVE-2019-14812 Remote Privilege Escalation Vulnerability
Description Ghostscript is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges and access arbitrary files or execute arbitrary commands on the affected system. Versions prior to Ghostscript 9.50 are vulnerable. Technologies...
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
Description Apache Commons Beanutils is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Commons Beanutils 1.9.2 and 1.9.3 are vulnerable. Technologies Affected...
Dnsmasq CVE-2019-14834 Remote Denial of Service Vulnerability
Description Dnsmasq is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Dnsmasq versions 2.90 and prior are vulnerable. Technologies Affected Dnsmasq Dnsmasq 2.0.0 Dnsmasq Dnsmasq 2.1...
Zoho Applications Manager Plugin CVE-2019-15106 Remote Command Execution Vulnerability
Description Zoho Applications Manager Plugin is prone to an unspecified remote command-execution vulnerability because it fails to sufficiently validate user-supplied input. An attacker may exploit this issue to execute arbitrary commands within the context of the affected application; this may ai...
Microsoft Windows CVE-2019-1178 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Microsoft Outlook CVE-2019-1204 Remote Privilege Escalation Vulnerability
Description Microsoft Outlook is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit...
Microsoft Windows CVE-2019-1180 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Adobe Creative Cloud Desktop Application CVE-2019-8236 Unspecified Security Bypass Vulnerability
Description Adobe Creative Cloud Desktop Application is prone to an unspecified security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected...
Microsoft Live Accounts ADV190014 Privilege Escalation Vulnerability
Description Microsoft Live Accounts are prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Online Microsoft Office 365 Microsoft Outlook Web Access Recommendations Block external access at the...
Microsoft Windows Hyper-V CVE-2019-0720 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10...
Microsoft Windows DHCP Server CVE-2019-1206 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code or cause the DHCP service to become nonresponsive. Technologies Affected Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows...