799 matches found
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3231
The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."...
Security feature bypass
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
Windows Diagnostics Hub Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system...
PT-2016-2169 · Microsoft · Office Visio +1
Name of the Vulnerable Software and Affected Versions: Microsoft Visio versions 2007 SP3 through 2016 Microsoft Visio Viewer versions 2007 SP3 through 2010 Description: The issue is related to errors in library loading, which can allow a remote attacker to elevate their privileges using a special...
About the security content of iTunes 12.4 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
About the security content of iTunes 12.4
About the security content of iTunes 12.4 This document describes the security content of iTunes 12.4. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...
Debian DLA-473-1 : wpa security update
A vulnerability was found in how hostapd and wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or through local configuration change over the...
DLA-473-1 wpa - security update
Bulletin has no description...
Microsoft Windows DLL Loading Remote Code Execution Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Internet Information Services IIS is a set of basic Internet services running in Microsoft Windows. A remote code execution vulnerability exists in IIS for Microsoft Windows Vista SP2 and...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
DEBIAN-CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
CVE-2016-4477
CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
UBUNTU-CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
Cisco WebEx Productivity Tools Search Path Handling Vulnerability
Cisco WebEx Productivity Tools is a set of tools for adding a user's application to a WebEx Meetings session. Cisco WebEx Productivity Tools fails to handle search paths correctly, allowing local attackers to build multiple malicious cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll,...
Microsoft .NET Framework Remote Code Execution Vulnerability (CNVD-2016-02244)
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...