832 matches found
Multiple IBM DB2 Products Local Lift Vulnerabilities
IBM DB2 is a relational database management system from IBM in the United States. Multiple IBM DB2 products fail to properly validate input prior to loading into the library, allowing a local attacker to exploit the vulnerability to gain root privileges by constructing malicious libraries in a...
The vulnerability of Microsoft Visio graphic editors and the Microsoft Visio Viewer, which allows attackers to exploit their privileges.
The vulnerability of Microsoft Visio graphic editors and the Microsoft Visio Viewer software relates to errors during library loading. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3231
The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."...
Security feature bypass
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
Windows Diagnostics Hub Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system...
PT-2016-2169 · Microsoft · Office Visio +1
Name of the Vulnerable Software and Affected Versions: Microsoft Visio versions 2007 SP3 through 2016 Microsoft Visio Viewer versions 2007 SP3 through 2010 Description: The issue is related to errors in library loading, which can allow a remote attacker to elevate their privileges using a special...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Internet Information Services component of the Windows operating system is related to improper handling of library loading. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...
About the security content of iTunes 12.4 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
About the security content of iTunes 12.4
About the security content of iTunes 12.4 This document describes the security content of iTunes 12.4. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...
Debian DLA-473-1 : wpa security update
A vulnerability was found in how hostapd and wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or through local configuration change over the...
DLA-473-1 wpa - security update
Bulletin has no description...
Microsoft Windows DLL Loading Remote Code Execution Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Internet Information Services IIS is a set of basic Internet services running in Microsoft Windows. A remote code execution vulnerability exists in IIS for Microsoft Windows Vista SP2 and...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
DEBIAN-CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
CVE-2016-4477
wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...
CVE-2016-4477
CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...