Gesytec ElonFmt ActiveX 1.1.14 - ElonFmt.ocx pid Item Buffer Overflow (SEH)
Gesytec ElonFmt ActiveX 1.1.14 - ElonFmt.ocx pid Item Buffer Overflow...
0.4AI Score
Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)
Title: Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH) Advisory ID: ZSL-2011-5011 Type: Local/Remote Impact: System Access, DoS Risk: (3/5) Release Date: 21.04.2011 Summary Connects LonWorks networks to process control, visualization, SCADA and office software. ...
8.6AI Score
3.7AI Score
0.0004EPSS
7.4AI Score
0.7AI Score
[USN-1115-1] language-selector vulnerability
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 10.10 Summary: Local users could gain root access via the...
0.8AI Score
0.0004EPSS
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different...
7.3AI Score
0.0004EPSS
language-selector vulnerability
Releases Ubuntu 10.10 Packages language-selector - Language selector for Ubuntu Linux Details Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the...
6.4AI Score
0.0004EPSS
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2)...
4.8AI Score
0.0004EPSS
-0.2AI Score
kvm security and bug fix update
[kvm-83-224.0.1] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [kvm-83-224.el5] - kvm-kernel-KVM-x86-zero-kvm_vcpu_events-interrupt.pad.patch [bz#665407] - Resolves: bz#665407 (kvm_vcpu_events.interrupt.pad must be zeroed) - CVE:...
-0.2AI Score
0.001EPSS
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap...
8AI Score
0.356EPSS
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap...
8AI Score
0.356EPSS
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap...
8.7AI Score
0.356EPSS
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap...
7.8AI Score
0.356EPSS
RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
7.3AI Score
0.356EPSS
[kvm-83-164.0.1.el5_5.25] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-add-oracle-workaround-for-libvirt-bug.patch [kvm-83-164.el5_5.25] - Adding load_gs_index to kmod symbol greylist - Related: bz#639886 (CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic...
2.8AI Score
0.001EPSS
SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption...
9.8CVSS
-0.2AI Score
0.798EPSS
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
0.9AI Score
0.972EPSS
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
0.9AI Score
0.972EPSS
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
0.9AI Score
0.972EPSS
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
0.9AI Score
0.972EPSS
RHEL 6 : kernel (RHSA-2010:0842)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0842 advisory. kernel: drm ioctls infoleak (CVE-2010-2803) kernel: wireless: fix 64K kernel heap content leak via ioctl (CVE-2010-2955) kernel:...
7.8CVSS
8.4AI Score
0.017EPSS
RealPlayer RealMedia文件ImageMap解析堆溢出漏洞
BUGTRAQ ID: 44847 RealPlayer是一款流行的多媒体播放器。 RealPlayer在解析RealMedia(.rm)文件中的ImageMap元素时存在整数截尾错误,用户受骗打开了恶意的媒体文件就可能触发堆溢出,导致执行任意代码。 Real Networks RealPlayer 1.1.5 Build 12.0.0.879 厂商补丁: Real Networks 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
6.9AI Score
Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities
The remote host is running RealPlayer, a multi-media application. RealPlayer builds earlier than 12.0.1.609 are potentially affected by vulnerabilities : An uncontrolled array index vulnerability exists in RealMedia media properties. (CVE-2010-4384) A heap overflow vulnerability exists in...
1.6AI Score
0.356EPSS
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption...
9.8CVSS
-0.2AI Score
0.798EPSS
Twitter Closes Web Hole After Attack Hits Up to 500,000
UPDATE: Engineers at social network Twitter.com plugged a vulnerability in the company’s main Web page after attacks that exploited the hole may have hit more than 500,000 users. The security hole was patched at about 9:45 AM ET, according to a post by Del Harvey (@delbius), the head of Twitter’s.....
-0.3AI Score
Oracle Secure Backup Administration selector Variable Command Injection (CVE-2010-0906)
Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage (NAS) devices and distributed hosts. A command execution vulnerability exists in Oracle Secure Backup server. The vulnerability is due to an insufficient sanitizing when...
7.2AI Score
0.972EPSS
0.5AI Score
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Advisory ID: cisco-sa-20100811-ace Revision 1.0 For Public Release 2010 August 11 1600 UTC (GMT)...
0.6AI Score
0.001EPSS
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
9.8CVSS
10.7AI Score
0.798EPSS
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
9.8CVSS
10.7AI Score
0.798EPSS
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)
This update brings Mozilla Thunderbird to the 3.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed....
9.8CVSS
0.3AI Score
0.798EPSS
openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)
This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
9.8CVSS
AI Score
0.798EPSS
Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are prone to multiple...
0.5AI Score
0.798EPSS
Mozilla Firefox/Seamonkey/Thunderbird are prone to multiple...
8.8CVSS
8.7AI Score
0.798EPSS
Mozilla Foundation Security Advisory 2010-46
Mozilla Foundation Security Advisory 2010-46 Title: Cross-domain data theft using CSS Impact: Moderate Announced: July 20, 2010 Reporter: Chris Evans Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11 Thunderbird 3.1.1 Thunderbird 3.0.6 SeaMonkey 2.0.6...
-0.1AI Score
0.006EPSS
Cross-domain data theft using CSS — Mozilla
Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target...
1.3AI Score
0.006EPSS
ZDI-10-121: Command Injection Remote Code Execution Vulnerability
ZDI-10-121: Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-121 July 13, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability...
1.2AI Score
Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selector[0]' variable to the script index.php.....
2.6AI Score
0.972EPSS
0.7AI Score
0.546EPSS
0.3AI Score
0.546EPSS
CORE-2010-0316 - Novell iManager Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Novell iManager Multiple Vulnerabilities Advisory Information Title: Novell iManager Multiple Vulnerabilities Advisory Id: CORE-2010-0316 Advisory URL:...
-0.1AI Score
0.546EPSS
7AI Score
6.4AI Score
EPSS
0.7AI Score
0.546EPSS
Novell iManager Multiple Vulnerabilities
Novell iManager Multiple Vulnerabilities 1. Advisory Information Title: Novell iManager Multiple Vulnerabilities Advisory Id: CORE-2010-0316 Advisory URL: http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities Date published: 2010-06-23 Date of last update:.....
8.2AI Score
AI Score
0.008EPSS
AI Score
0.008EPSS
[SECURITY] Fedora 11 Update: kdeutils-4.4.3-1.fc11.1
Utilities for KDE 4. Includes: * ark: tar/gzip archive manager * kcalc: scientific calculator * kcharselect: character selector * kdelirc: Linux Infrared Remote Control frontend * kdf: view disk usage * kfloppy: floppy formatting tool * kgpg: gpg gui * ktimer: task scheduler *...
0.8AI Score
0.008EPSS