A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator...
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’....
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka ‘Azure Automation Elevation of Privilege Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. Date published...
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880
A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by...
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka ‘Windows DNS Server Denial of Service Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0811
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’. Date published :...
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller’s Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for...
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact...
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. Date published...
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands...
In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. Date published...
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps...