CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2015/12/11 11:0 a.m.•47 views

CVE-2015-7063

The CVE-2015-7063 issue affects Apple macOS (OS X) EFI kernel loader prior to macOS 10.11.2. A local attacker can gain privileges through a crafted pathname, as described in the vulnerability summary. The impact is local privilege escalation, with the vulnerability rooted in EFI kernel-loader pat...

7.2CVSS7.6AI score0.00354EPSS

Exploits0References3Affected Software1

Cvelist•added 2015/12/11 11:0 a.m.•21 views

CVE-2015-7063

The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname...

7.9AI score0.00354EPSS

RedHat Linux•added 2015/11/11 11:21 a.m.•3 views

flash-plugin: multiple code execution issues fixed in APSB15-25

Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a...

BDU FSTEC•added 2015/10/29 12:0 a.m.•3 views

Exploits0References5

The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.

The vulnerability of the Flash Player and Adobe Integrated Runtime programming platforms arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted Loader object...

9.3CVSS6.3AI score0.08245EPSS

Exploits0References3Affected Software2

RedHat Linux•added 2015/10/15 11:17 a.m.•2 views

flash-plugin: multiple code execution issues fixed in APSB15-25

UbuntuCve•added 2015/10/15 12:0 a.m.•22 views

Exploits0References5

CVE-2015-7632

OSV•added 2015/10/15 12:0 a.m.•1 views

UBUNTU-CVE-2015-7632

Zero Day Initiative•added 2015/10/13 12:0 a.m.•30 views

Adobe Flash Loader loadBytes Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Loader object. B...

6.8CVSS6.8AI score0.08245EPSS

Exploits0References1

Tenable Nessus•added 2015/09/28 12:0 a.m.•34 views

Debian DLA-316-1 : eglibc security update

Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness A weakness in the dynamic loader prior has been found. The issue is that the LDPOINTERGUARD in the environment is not sanitized allowing local...

5CVSS7.5AI score0.06359EPSS

Exploits1References3

OSV•added 2015/09/08 7:20 a.m.•3 views

MGASA-2015-0339 Updated freeimage packages fix security vulnerabilities

Updated freeimage packages fix security vulnerability: FreeImage is vulnerable to an integer overflow in PluginPCX.cpp, making the PCX loader vulnerable to malicious images with a bad window specification CVE-2015-0852. Moreover, FreeImage was built in Mageia against a number of bundled libraries...

5CVSS6.6AI score0.0295EPSS

Tenable Nessus•added 2015/08/31 12:0 a.m.•51 views

RHEL 7 : kernel-rt (RHSA-2015:1565)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1565 advisory. - kernel: netfilter connection tracking extensions denial of service CVE-2014-9715 - kernel: execution in the early microcode loader...

6.9CVSS8AI score0.03027EPSS

Exploits7References12

RedHat Linux•added 2015/08/06 2:42 a.m.•0 views

kernel: execution in the early microcode loader

A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel ring0 level, bypassing intended restrictions in place...

6.9CVSS7AI score0.0042EPSS

RedHat Linux•added 2015/08/05 8:13 p.m.•0 views

kernel: execution in the early microcode loader

6.9CVSS7AI score0.0042EPSS

CNVD•added 2015/07/24 12:0 a.m.•4 views

Google Chrome Blink Security Bypass Vulnerability (CNVD-2015-04879)

Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in the core/loader/ImageLoader.cpp file in Blink, as used in Google Chrome versions prior to 44.0.2403.89, which...

4.3CVSS8.9AI score0.0171EPSS

Exploits0References1

Prion•added 2015/07/23 12:59 a.m.•18 views

Design/Logic Flaw

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy CSP restrictions by providing an image from an unintended source...

4.3CVSS6.5AI score0.0171EPSS

Exploits0References9Affected Software7

ThreatPost•added 2015/07/22 2:54 p.m.•8 views

Bartalex Variants Spotted Dropping Pony, Dyre Malware

Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, have recently been spotted dropping Pony loader malware and the Dyre banking Trojan. Primarily spread through spam, the first iterations of Bartalex were observed in late March embedded in Microsoft Wor...

2.1AI score