6867 matches found
Microsoft Windows Graphics Component CVE-2017-0108 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Live Meeting...
Microsoft Windows CVE-2017-0039 DLL Loading Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microso...
Microsoft Edge CVE-2017-0138 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed...
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Windows Uniscribe CVE-2017-0072 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or webpage. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed explo...
Microsoft Office CVE-2017-0029 Denial of Service Vulnerability
Description Microsoft Office is prone to a remote denial of service vulnerability. Attackers can exploit this issue to cause the affected application to stop responding, denying service to legitimate users. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Offic...
Microsoft Windows SMB Server CVE-2017-0148 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Office CVE-2017-0006 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows Graphics Component CVE-2017-0062 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607...
Microsoft Windows Hyper-V CVE-2017-0096 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
Microsoft Edge CVE-2017-0131 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0082 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0080 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Edge CVE-2017-0141 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed...
Microsoft Windows HelpPane CVE-2017-0100 Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of another user's session. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 160...
Microsoft Windows Uniscribe CVE-2017-0085 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Windows Uniscribe CVE-2017-0088 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or webpage. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed explo...
Microsoft Edge CVE-2017-0137 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed...
Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability
Description Microsoft XML Core Services MSXML is prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to visit a specially crafted webpage. An attacker can exploit this issue to gain access to sensitive information that may lead to...
Microsoft Windows Uniscribe CVE-2017-0124 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Internet Explorer and Edge CVE-2017-0033 Spoofing Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...
Microsoft Windows Uniscribe CVE-2017-0118 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Graphics CVE-2017-0025 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code within the context of the kernel privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Hyper-V CVE-2017-0097 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
Microsoft Edge CVE-2017-0132 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed...
Microsoft Windows Uniscribe CVE-2017-0123 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Windows Kernel CVE-2017-0103 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R...
Microsoft Windows Uniscribe CVE-2017-0121 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Edge CVE-2017-0071 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed...
Symantec Web Gateway Management Console XSS
SUMMARY Symantec has released updates to address cross-site scripting XSS issues in Symantec Web Gateway SWG Management Console releases prior to 5.2.7 AFFECTED PRODUCTS Symantec Web Gateway SWG --- CVE | Affected Versions | Remediation CVE-2016-9096 | Prior to 5.2.7 | Upgrade to 5.2.7 ISSUES...
Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection
SUMMARY Symantec has released updates to address security issues reported in both Symantec Endpoint Protection 12.1 and Symantec Endpoint Protection 14.0 Windows clients. AFFECTED PRODUCTS Symantec Endpoint Protection SEP --- CVE | Affected Versions | Remediation CVE-2016-9093 CVE-2016-9094 | Pri...
SA144 : OpenSSH Vulnerabilities January 2017
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also exploit these vulnerabilities to obtain...
Microsoft Internet Explorer and Edge CVE-2017-0037 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 10 and 11 ar...
Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
Description Apache Tomcat is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions. The following versions are affected: Apache Tomcat 8.0.0 through 8.0.19 Apache Tomcat 7.0.0...
Adobe Flash Player APSB17-04 Multiple Use After Free Remote Code Execution Vulnerabilities
Description Adobe Flash Player is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions...
Adobe Flash Player CVE-2017-2995 Type Confusion Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected...
Adobe Flash Player APSB17-04 Multiple Unspecified Memory Corruption Vulnerabilities
Description Adobe Flash Player is prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Adobe Flash Player APSB17-04 Multiple Heap Buffer Overflow Vulnerabilities
Description Adobe Flash Player is prone to multiple heap-based buffer overflow vulnerabilities because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit these issues to execute arbitrary code in the context of the...
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...
Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
Description Apache Groovy is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Apache Groovy 2.4.4...
SA139 : November 2016 NTP Security Vulnerabilities
SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the targets system time, prevent the target from synchronizing its time, cause denial of service through...
Microsoft Office CVE-2017-0003 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows LSASS CVE-2017-0004 Denial of Service Vulnerability
Description Microsoft Windows LSASS is prone to a denial-of-service vulnerability. Successful exploitation of the issue will cause a denial of service on the target system's LSASS service, resulting in an automatic reboot of the system. Technologies Affected Microsoft Windows 7 for 32-bit Systems...
Microsoft Identity Model Extensions Token Signing Verification Privilege Escalation Vulnerability
Description Microsoft Identity Model Extensions is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.2 Microsoft...
Microsoft Edge CVE-2017-0002 Remote Privilege Escalation Vulnerability
Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary, unless external parties require service. Filter...
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
SUMMARY Symantec Network ProtectionSy products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived encrypted connection...
SA137 : NSS Vulnerabilities
SUMMARY Blue Coat products using affected versions of NSS are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain private Diffie-Hellman DH keys, cause denial of service through application crashes, or possibly execute arbitrary code. AFFECTED...
SA136 : OpenSSH Vulnerabilities
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...
Adobe Flash Player APSB16-39 Unspecified Use After Free Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Microsoft Windows Graphics Component CVE-2016-7257 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Microsoft Windows 7 for...