News aggregator

CVE-2019-17449

National Vulnerability Database - Thu, 10/10/2019 - 12:15
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack.
Categories: Security News

CVE-2015-9457

National Vulnerability Database - Thu, 10/10/2019 - 12:15
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
Categories: Security News

CVE-2019-17320

National Vulnerability Database - Thu, 10/10/2019 - 11:15
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.
Categories: Security News

CVE-2019-1359

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.
Categories: Security News

CVE-2019-1361

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
Categories: Security News

CVE-2019-1362

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.
Categories: Security News

CVE-2019-1363

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.
Categories: Security News

CVE-2019-1364

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
Categories: Security News

CVE-2019-1365

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.
Categories: Security News

CVE-2019-1366 (chakracore, edge)

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.
Categories: Security News

CVE-2019-1368

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
Categories: Security News

CVE-2019-1369

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
Categories: Security News

CVE-2019-1371

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
Categories: Security News

CVE-2019-1372

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.
Categories: Security News

CVE-2019-1375

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
Categories: Security News

CVE-2019-1376 (sql_server_management_studio)

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.
Categories: Security News

CVE-2019-1378

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.
Categories: Security News

CVE-2019-4265 (maximo_anywhere)

National Vulnerability Database - Thu, 10/10/2019 - 10:15
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
Categories: Security News

CVE-2019-1337

National Vulnerability Database - Thu, 10/10/2019 - 10:15
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.
Categories: Security News

CVE-2019-1338

National Vulnerability Database - Thu, 10/10/2019 - 10:15
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.
Categories: Security News

Pages