Internet Security Security Vulnerabilities
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL...
7.9AI Score
0.01EPSS
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as...
6.5AI Score
0.01EPSS
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified...
6.4AI Score
0.0004EPSS
The Antivirus component in Comodo Internet Security before 5.4.189822.1355 allows remote attackers to cause a denial of service (application crash) via a crafted .PST...
6.7AI Score
0.001EPSS
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack...
6.9AI Score
0.001EPSS
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack...
7AI Score
0.001EPSS
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 allows remote attackers to cause a denial of service (application crash) via a crafted compressed...
6.7AI Score
0.001EPSS
Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified...
6.5AI Score
0.0004EPSS
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a...
5.9AI Score
0.001EPSS
The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest...
7.7AI Score
0.05EPSS
Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest...
6.8AI Score
0.088EPSS
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being...
7.5AI Score
0.024EPSS
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...
6.6AI Score
0.004EPSS
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning...
5.5CVSS
5.5AI Score
0.001EPSS
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning...
7.5CVSS
7.5AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an...
7.5CVSS
7.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an...
7.5CVSS
7.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an...
7.5CVSS
7.4AI Score
0.001EPSS
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an...
7.5CVSS
7.5AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning...
7.5CVSS
7.5AI Score
0.001EPSS
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning...
7.5CVSS
7.5AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an...
7.5CVSS
7.5AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an...
6.5CVSS
6.4AI Score
0.001EPSS
Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o.....
7.8CVSS
7.6AI Score
0.0004EPSS
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET.....
7.1CVSS
7AI Score
0.0004EPSS
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable...
9.1CVSS
9.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an...
7.5CVSS
7.4AI Score
0.001EPSS
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive...
9.8CVSS
9.5AI Score
0.003EPSS
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis,.....
5.5CVSS
5.4AI Score
0.0004EPSS
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes,...
7.5CVSS
7.6AI Score
0.001EPSS
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified...
7.5CVSS
7.3AI Score
0.002EPSS
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer...
7.8CVSS
7.5AI Score
0.001EPSS
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any...
7.3CVSS
7.5AI Score
0.0004EPSS
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue....
7.8CVSS
7.6AI Score
0.005EPSS
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects:.....
6.1CVSS
6.1AI Score
0.001EPSS
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...
6.1CVSS
6.4AI Score
0.122EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the...
6.5CVSS
6.4AI Score
0.001EPSS
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions...
8.2CVSS
7.3AI Score
0.001EPSS
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the...
5.3CVSS
5.2AI Score
0.001EPSS
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT...
7.8CVSS
7.6AI Score
0.001EPSS
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...
5.5CVSS
5.4AI Score
0.001EPSS
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a...
7.1CVSS
6.8AI Score
0.001EPSS
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any...
5.5CVSS
5.4AI Score
0.0004EPSS
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus...
5.5CVSS
5.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...
6.5CVSS
6.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....
6.5CVSS
6.4AI Score
0.001EPSS
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service.....
5.5CVSS
5.2AI Score
0.001EPSS
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...
8.8CVSS
8.7AI Score
0.001EPSS
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support...
6.5CVSS
5.6AI Score
0.001EPSS