CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2016/10/27 12:0 a.m.•3 views

VMware Fusion Local Information Disclosure Vulnerability

VMware Fusion allows Windows applications to run seamlessly on Intel-based Mac machines. A local information disclosure vulnerability exists in VMware Fusion. Since System Integrity Protection SIP is enabled by default on Mac OS X, a local attacker can exploit the vulnerability to obtain kernel...

5.5CVSS6.1AI score0.00327EPSS

ThreatPost•added 2016/10/20 10:31 a.m.•11 views

Bypassing ASLR in 60 Milliseconds

Address Space Layout Randomization was a champion hardening technology introduced in most major desktop and mobile operating systems as a mitigation against memory-based code-execution attacks. Bypassing ASLR, however, has become somewhat of a parlor game for attackers and white-hat researchers,...

1.7AI score

BDU FSTEC•added 2016/09/22 12:0 a.m.•3 views

The vulnerability of the Windows operating system, which allows a hacker to bypass the ASLR protection mechanism

The vulnerability of the Graphics Device Interface GDI component in the Windows operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism by using a specially created application...

4.3CVSS6.5AI score0.14198EPSS

Exploits0References2

OSV•added 2016/09/14 10:59 a.m.•1 views

CVE-2016-3354

The Graphics Device Interface GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted...

3.3CVSS5.8AI score0.14198EPSS

Exploits0References3

OSV•added 2016/09/14 10:59 a.m.•1 views

CVE-2016-0137

The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...

3.3CVSS5.8AI score0.06771EPSS

Exploits0References3

CNVD•added 2016/09/14 12:0 a.m.•1 views

Microsoft Windows GDI Information Disclosure Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the United States. Graphics Device Interface GDI is one of the graphics device interface components. An information disclosure vulnerability exists in the Graphics Device Interface in Microsoft Windows that...

4.3CVSS6.2AI score0.14198EPSS

CNVD•added 2016/07/13 12:0 a.m.•3 views

Microsoft Edge Security Feature Bypass Vulnerability (CNVD-2016-04787)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A security bypass vulnerability exists in Microsoft Edge that originates from a program incorrectly implementing Address Space Layout Randomization ASLR. A remote...

4.3CVSS6.6AI score0.18752EPSS

Tenable Nessus•added 2016/07/12 12:0 a.m.•53 views

MS16-085: Cumulative Security Update for Microsoft Edge (3169999)

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3169999. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists due to a failure to properly implement Address Space Layout Randomization ASL...

9.3CVSS7.3AI score0.36361EPSS

Exploits0References14

BDU FSTEC•added 2016/07/07 12:0 a.m.•3 views

The vulnerability of the Internet Explorer browser, which allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The Internet Explorer browser contains a vulnerability in its ASLR component a mechanism for randomizing the address space, which is related to errors in the implementation of the address space limitation. Exploiting this vulnerability can allow a malicious actor to bypass the ASLR limitation and...

4.3CVSS5.8AI score0.14728EPSS

10CVSS5.4AI score0.05032EPSS

The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows attackers to bypass the ASLR Address Space Layout Redirection protection mechanism...

Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

Vulnerability exists in Adobe AIR due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...

BDU FSTEC•added 2016/07/06 12:0 a.m.•2 views

Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...