6867 matches found
Microsoft Edge Chakra Scripting Engine CVE-2019-1106 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Azure Automation CVE-2019-0962 Local Privilege Escalation Vulnerability
Description Microsoft Azure Automation is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Azure Automation Recommendations Permit local access for...
Microsoft Windows Kernel CVE-2019-1073 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Office CVE-2019-1109 Spoofing Vulnerability
Description Microsoft Office is prone to a spoofing vulnerability. Attackers can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1...
Microsoft Windows ADFS CVE-2019-0975 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 2016...
Microsoft Internet Explorer Scripting Engine CVE-2019-1056 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...
Microsoft ASP.NET Core CVE-2019-1075 Spoofing Vulnerability
Description Microsoft ASP.NET Core is prone to a spoofing vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirect...
Microsoft Windows 'DirectWrite' API CVE-2019-1097 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows AppX Deployment Service CVE-2019-1129 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit...
Microsoft Internet Explorer Scripting Engine CVE-2019-1004 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows Active Directory Federation Services CVE-2019-1126 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows Server 2012 ...
Microsoft Exchange Server CVE-2019-1137 Spoofing Vulnerability
Description Microsoft Exchange Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Exchan...
Microsoft Windows Audio Service CVE-2019-1088 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based System...
Microsoft Excel CVE-2019-1111 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows Kernel CVE-2019-1067 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...
Microsoft Windows Error Reporting CVE-2019-1037 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Window...
Microsoft Windows DHCP Server CVE-2019-0785 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code or cause the DHCP service to become nonresponsive. Technologies Affected Microsoft Windows Server 1803 Microsoft Windows Server 1903 Microsoft Windows...
Microsoft SQL Server CVE-2019-1068 Remote Code Execution Vulnerability
Description Microsoft SQL Server is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the context of the SQL Server Database Engine service account. Failed exploit attempts may result in a denial-of-service condition...
Microsoft Internet Explorer Scripting Engine CVE-2019-1059 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows 'DirectWrite' API CVE-2019-1128 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...
Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
Description Microsoft Windows is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framewo...
Microsoft Exchange Server CVE-2019-1136 Remote Privilege Escalation Vulnerability
Description Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016...
Das U-Boot CVE-2019-13103 Denial of Service Vulnerability
Description Das U-Boot is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application resulting in a denial-of-service condition. Das U-Boot versions through 2019.07-rc4 are vulnerable. Technologies Affected Siemens RUGGEDCOM RSG2488 Siemens...
Microsoft Windows Audio Service CVE-2019-1087 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based System...
Microsoft Internet Explorer and Edge CVE-2019-1104 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Microsoft Excel CVE-2019-1112 Information Disclosure Vulnerability
Description Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft...
Microsoft Windows 'DirectWrite' API CVE-2019-1121 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...
Microsoft .NET Framework CVE-2019-1113 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...
Microsoft Windows 'DirectWrite' API CVE-2019-1124 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...
Microsoft Windows splwow64 CVE-2019-0880 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...
Microsoft Windows Win32k CVE-2019-1132 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Syste...
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
Description SAP ERP HCM Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP ERP HCM 3.0 Recommendations Block external access at the netwo...
PHP CVE-2019-11042 Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP versions prior to 7.3.8 are vulnerable...
libxslt CVE-2019-13118 Stack Buffer Overflow Vulnerability
Description libxslt is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected Apple TV Apple Watch Apple iOS ...
Pivotal Ops Manager CVE-2019-11271 Local Information Disclosure Vulnerability
Description Pivotal Ops Manager is prone to local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Pivotal Cloud Foundry Ops Manager 2.3 Pivotal Cloud Foundry Ops Manager 2.3.0...
PHP CVE-2019-11041 Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP versions prior to 7.3.8 are vulnerable...
Symantec Messaging Gateway Privilege Escalation
SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway SMG product. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2019-12751 | Prior to 10.7.1 | Upgrade to 10.7.1 ISSUES CVE-2019-12751 ---...
curl CVE-2019-5443 Local Code Injection Vulnerability
Description curl is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow attackers to inject and execute arbitrary code. This may lead to other attacks. curl for windows versions prior to 7.65.12 are vulnerable. Technologies...
Apache Tomcat CVE-2019-10072 Incomplete Fix Denial of Service Vulnerability
Description Apache Tomcat is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause denial-of-service conditions. The following products are affected: Apache Tomcat 9.0.0.M1 through 9.0.19 Apache Tomcat 8.5.0 through 8.5.40 Technologies Affected Apache Tomcat 8.5.0...
Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability
Description Mozilla Firefox and Firefox ESR are prone to a security-bypass vulnerability. An attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. This issue is fixed in: Firefox 67.0. Firefox ESR 60.7.2 Technologies Affected Mozilla Firefox 0....
FasterXML Jackson-databind CVE-2019-12814 Information Disclosure Vulnerability
Description FasterXML Jackson-databind is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. FasterXML jackson-databind versions 2.x through 2.9.9 are vulnerable. Technologies Affected FasterXML...
Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability
Description Oracle WebLogic Server is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. Failed exploit attempts may result in a denial-of-service condition. Oracle WebLogic Server...
Symantec Endpoint Encryption Privilege Escalation
SUMMARY Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products. AFFECTED PRODUCTS Symantec Endpoint Encryption SEE --- CVE | Affected Versions | Remediation CVE-2019-9702 CVE-2019-9703 | Prior to SEE 11.3...
Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability
Description Linux Kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected Bluecoat Mail Threat Defense 1.1 Bluecoat Malware Analysis Appliance 4.2 Bluecoat PacketShaper S-Series 11.10 Bluecoat...
Xen CVE-2019-17349 Denial of Service Vulnerability
Description Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Xen Xen 3.0.2 Xen Xen 3.0.3 Xen Xen 3.0.4 Xen Xen 3.1 Xen Xen 3.1.3 Xen Xen 3.1.4 Xen Xen 3.2 Xen Xen 3.2.0 Xen Xen 3.2.1 Xen Xen 3.2.2 X...
DLP Cross Site Scripting
SUMMARY Symantec has released updates to address an issue that was discovered in the DLP product. AFFECTED PRODUCTS Product family | Affected Versions | Remediation ---|---|--- Data Loss Prevention | 14.x | Upgrade to 15.5 and follow remediation actions mentioned below. Customers who are unable t...
Microsoft Windows Audio Service CVE-2019-1022 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Technologies Affected Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based...
Microsoft Office SharePoint CVE-2019-1036 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft Skype for Business and Lync Server CVE-2019-1029 Denial of Service Vulnerability
Description Microsoft Skype for Business and Lync Server are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users. Technologies Affected Microsoft Lync Server 2010 Microsoft Lync...
Microsoft Office SharePoint CVE-2019-1033 Cross Site Scripting Vulnerability
Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...