6867 matches found
Microsoft Dynamics 365 CVE-2018-8607 Cross Site Scripting Vulnerability
Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Outlook CVE-2018-8558 Information Disclosure Vulnerability
Description Microsoft Outlook is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft...
Microsoft SharePoint Server CVE-2018-8578 Information Disclosure Vulnerability
Description Microsoft SharePoint Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SharePoint Foundation 2013 SP1 Recommendations Run all software as a...
Microsoft Outlook CVE-2018-8524 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Office 2019...
Microsoft ChakraCore Scripting Engine CVE-2018-8556 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore...
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8589 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1...
Microsoft Outlook CVE-2018-8576 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Office 2019...
Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Active Directory Federation Services CVE-2018-8547 Cross-Site Scripting Vulnerability
Description Microsoft Active Directory Federation Services is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Microsoft Excel CVE-2018-8574 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft ChakraCore Scripting Engine CVE-2018-8541 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore...
Microsoft Internet Explorer CVE-2018-8570 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 is are vulnerable...
Microsoft Powershell CVE-2018-8415 Tampering Security Bypass Vulnerability
Description Microsoft Powershell is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft PowerShell Core 6.0.0 Microsoft PowerShell Core 6.1.0 Microsoft Windows 10...
Microsoft Team Foundation Server CVE-2018-8529 Remote Code Execution Vulnerability
Description Microsoft Team Foundation Server is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected Microso...
Microsoft Edge CVE-2018-8567 Remote Privilege Escalation Vulnerability
Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary, unless external parties require service. Filter...
Microsoft Windows VBScript Engine CVE-2018-8544 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version...
Microsoft Azure App Service CVE-2018-8600 Cross Site Scripting Vulnerability
Description Microsoft Azure App Service is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft Dynamics 365 CVE-2018-8609 Remote Code Execution Vulnerability
Description Microsoft Dynamics 365 is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the SQL service account. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected Microsoft Dynamics...
Microsoft Windows JScript Security Feature CVE-2018-8417 Local Security Bypass Vulnerability
Description Microsoft Windows is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems...
Microsoft ChakraCore Scripting Engine CVE-2018-8557 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore...
Microsoft Windows COM CVE-2018-8550 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows DirectX CVE-2018-8485 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windo...
Microsoft Windows Security Feature CVE-2018-8549 Local Security Bypass Vulnerability
Description Microsoft Windows is prone to local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems...
Microsoft Windows ALPC CVE-2018-8584 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code in the security context of the local system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows DirectX CVE-2018-8561 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windo...
Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
SUMMARY Symantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker can obtain sensitive information, bypass intended security restrictions, modify session information in CGI applications, replay authenticate...
OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
Description OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. Technologies Affected Bluecoat BCAAA 6.1 IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 IBM Aix 7.2 IBM DataPower Gateway...
FasterXML Jackson-databind Polymorphic Deserialization Multiple Security Vulnerability
Description FasterXML Jackson-databind is prone to multiple security vulnerabilities. Successfully exploiting these issues may allow an attacker to execute arbitrary code, bypass certain security restrictions, perform unauthorized actions or obtain potentially sensitive information. Failed exploi...
GitLab CVE-2018-19495 Server Side Request Forgery Security Bypass Vulnerability
Description GitLab is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. GitLab versions prior to 11.3.11, 11.4.x prior to 11.4.8 and 11.5.x prior to 11.5.1 are vulnerable...
Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability
Description Ruby OpenSSL is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Technologies Affected Oracle Communications Interactive Session Recorder 6.0 Oracle...
Reflected XSS Vulnerability in Web Isolation
SUMMARY Symantec Web Isolation WI is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript cod...
Spring Framework CVE-2018-15756 Denial-Of-Service Vulnerability
...
Oracle Enterprise Manager Ops Center CVE-2016-4000 Remote Security Vulnerability
Description Oracle Enterprise Manager Ops Center is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Networking Jython' component is affected. This vulnerability affects the following supported versions: 12.2.2, 12.3.3 Technologies Affect...
Apache Tomcat Vulnerabilities Jan-Aug 2018
SUMMARY Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities. A remote attacker, with access to the management interface, can gain unauthorized access to a web application resource or cause denial of service in the Tomc...
OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
Microsoft Windows Graphics Component CVE-2018-8432 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Excel Viewer...
Microsoft Edge Chakra Scripting Engine CVE-2018-8503 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Intel Graphics Driver Remote Code Execution And Denial of Service Vulnerabilities
Description Intel Graphics Driver is prone to a remote code-execution vulnerability and a denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to execute arbitrary code in the context of affected application or cause denial-of-service conditions. Intel...
Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Microsoft SharePoint Server CVE-2018-8480 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsof...
Microsoft ChakraCore Scripting Engine CVE-2018-8473 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore Scripting Engine is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Microsoft Edge CVE-2018-8509 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Edge Recommendations...
Microsoft Edge Chakra Scripting Engine CVE-2018-8511 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Microsoft Windows Theme API CVE-2018-8413 Remote Code Execution Vulnerability
Description Microsoft Windows Theme API is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Window...
Microsoft Windows DirectX CVE-2018-8486 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft SharePoint Server CVE-2018-8518 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsof...
Microsoft Windows Media Player CVE-2018-8482 Information Disclosure Vulnerability
Description Microsoft Windows Media Player is prone to a information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 1...
Microsoft Windows Codecs Library CVE-2018-8506 Information Disclosure Vulnerability
Description Microsoft Windows Codecs Library is prone to a information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows...
Microsoft Edge CVE-2018-8530 Security Bypass Vulnerability
Description Microsoft Edge is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Edge Recommendations Run all...