Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...

Microsoft Visual Studio CVE-2019-1077 Local Privilege Escalation Vulnerability

Description Microsoft Visual Studio is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Visual Studio 2017 15.9 Microsoft Visual Studio 2019 16.0 Microsoft Visual Studio 2019 16.1 Recommendations...

Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows 'DirectWrite' API CVE-2019-1124 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Windows GDI Component CVE-2019-1094 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...

Microsoft Windows Audio Service CVE-2019-1086 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based System...

Microsoft Windows Kernel CVE-2019-1067 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

Microsoft Windows GDI Component CVE-2019-1099 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...

Microsoft Windows Kernel CVE-2019-1073 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows CVE-2019-1074 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system or gain unauthorized access. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft...

Microsoft Windows 'DirectWrite' API CVE-2019-1123 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Windows 'DirectWrite' API CVE-2019-1118 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Windows DirectX CVE-2019-0999 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...

Microsoft Internet Explorer Scripting Engine CVE-2019-1056 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...

Microsoft Exchange Server CVE-2019-1136 Remote Privilege Escalation Vulnerability

Description Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016...

Microsoft Windows Hyper-V CVE-2019-0966 Denial of Service Vulnerability

Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1803 fo...

Microsoft Office SharePoint CVE-2019-1134 Cross Site Scripting Vulnerability

Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

Microsoft Windows Remote Desktop Services CVE-2019-0887 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for...

Microsoft Windows Kernel CVE-2019-1071 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Internet Explorer Scripting Engine CVE-2019-1059 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...

Microsoft Edge Chakra Scripting Engine CVE-2019-1107 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Edge Chakra Scripting Engine CVE-2019-1106 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows 'DirectWrite' API CVE-2019-1120 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Edge Chakra Scripting Engine CVE-2019-1103 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows 'DirectWrite' API CVE-2019-1127 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Edge Chakra Scripting Engine CVE-2019-1092 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows AppX Deployment Service CVE-2019-1129 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit...

Microsoft Windows GDI Component CVE-2019-1095 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...

SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability

Description SAP Diagnostics Agent is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attack...

Das U-Boot CVE-2019-13103 Denial of Service Vulnerability

Description Das U-Boot is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application resulting in a denial-of-service condition. Das U-Boot versions through 2019.07-rc4 are vulnerable. Technologies Affected Siemens RUGGEDCOM RSG2488 Siemens...

Microsoft ASP.NET Core CVE-2019-1075 Spoofing Vulnerability

Description Microsoft ASP.NET Core is prone to a spoofing vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirect...

Microsoft Excel CVE-2019-1111 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

PHP CVE-2019-11042 Heap Buffer Overflow Vulnerability

Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP versions prior to 7.3.8 are vulnerable...

libxslt CVE-2019-13118 Stack Buffer Overflow Vulnerability

Description libxslt is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected Apple TV Apple Watch Apple iOS ...

Pivotal Ops Manager CVE-2019-11271 Local Information Disclosure Vulnerability

Description Pivotal Ops Manager is prone to local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Pivotal Cloud Foundry Ops Manager 2.3 Pivotal Cloud Foundry Ops Manager 2.3.0...

PHP CVE-2019-11041 Heap Buffer Overflow Vulnerability

Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP versions prior to 7.3.8 are vulnerable...

Symantec Messaging Gateway Privilege Escalation

SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway SMG product. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2019-12751 | Prior to 10.7.1 | Upgrade to 10.7.1 ISSUES CVE-2019-12751 ---...

curl CVE-2019-5443 Local Code Injection Vulnerability

Description curl is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow attackers to inject and execute arbitrary code. This may lead to other attacks. curl for windows versions prior to 7.65.12 are vulnerable. Technologies...

Apache Tomcat CVE-2019-10072 Incomplete Fix Denial of Service Vulnerability

Description Apache Tomcat is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause denial-of-service conditions. The following products are affected: Apache Tomcat 9.0.0.M1 through 9.0.19 Apache Tomcat 8.5.0 through 8.5.40 Technologies Affected Apache Tomcat 8.5.0...

Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability

Description Mozilla Firefox and Firefox ESR are prone to a security-bypass vulnerability. An attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. This issue is fixed in: Firefox 67.0. Firefox ESR 60.7.2 Technologies Affected Mozilla Firefox 0....

FasterXML Jackson-databind CVE-2019-12814 Information Disclosure Vulnerability

Description FasterXML Jackson-databind is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. FasterXML jackson-databind versions 2.x through 2.9.9 are vulnerable. Technologies Affected FasterXML...

Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

Description Oracle WebLogic Server is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. Failed exploit attempts may result in a denial-of-service condition. Oracle WebLogic Server...

Symantec Endpoint Encryption Privilege Escalation

SUMMARY Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products. AFFECTED PRODUCTS Symantec Endpoint Encryption SEE --- CVE | Affected Versions | Remediation CVE-2019-9702 CVE-2019-9703 | Prior to SEE 11.3...

Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

Description Linux Kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected Bluecoat Mail Threat Defense 1.1 Bluecoat Malware Analysis Appliance 4.2 Bluecoat PacketShaper S-Series 11.10 Bluecoat...

Xen CVE-2019-17349 Denial of Service Vulnerability

Description Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Xen Xen 3.0.2 Xen Xen 3.0.3 Xen Xen 3.0.4 Xen Xen 3.1 Xen Xen 3.1.3 Xen Xen 3.1.4 Xen Xen 3.2 Xen Xen 3.2.0 Xen Xen 3.2.1 Xen Xen 3.2.2 X...

DLP Cross Site Scripting

SUMMARY Symantec has released updates to address an issue that was discovered in the DLP product. AFFECTED PRODUCTS Product family | Affected Versions | Remediation ---|---|--- Data Loss Prevention | 14.x | Upgrade to 15.5 and follow remediation actions mentioned below. Customers who are unable t...

Microsoft Edge Chakra Scripting Engine CVE-2019-0991 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows User Profile Service CVE-2019-0986 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

Microsoft Windows Shell CVE-2019-1053 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for...

Microsoft Edge Chakra Scripting Engine CVE-2019-1003 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...