
44 matches found

Microsoft KB
added 2020/04/14 7:0 a.m., 116 views

Description of the security update for Office 2013: April 14, 2020

Summary: This security update resolves a remote code execution vulnerability that exists if Microsoft Office incorrectly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities an...

CVSS: 8.8, AI score: 8.4, EPSS: 0.0861
Exploits: 0
Microsoft KB
added 2020/01/17 12:0 a.m., 398 views

Servicing stack update for Windows 10, version 1903 and 1909: January 14, 2020

Summary: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) makes sure that you have a robust and reliable servicing stack so...

AI score: 6.7
Exploits: 0
Oracle linux
added 2019/12/17 12:0 a.m., 36 views

grub2 security update

2.02-78.0.2 - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 Orabug: 30607067...

CVSS: 5.9, AI score: 1.2, EPSS: 0.00327
Exploits: 0
Microsoft KB
added 2019/07/06 12:0 a.m., 156 views

Servicing stack update for Windows 10, Version 1703: July 9, 2019

Summary: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Key changes include: Addresses an issue with a Secure Boot feature update that may cause BitLocker to go...

AI score: 6.5
Exploits: 0
Microsoft KB
added 2019/06/11 7:0 a.m., 173 views

Description of the security update for Office Online Server: June 11, 2019

Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Word software if the program does not correctly handle objects in memory. To learn more about the vulnerability, see...

CVSS: 9.3, AI score: 7.9, EPSS: 0.06558
Exploits: 0
CNVD
added 2018/06/04 12:0 a.m., 2 views

Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15866)

The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "user update" method in versions of Quest DR Series disk backup software prior to version 4.0.3.1. An attacker could exploit this vulnerability to execute arbitrary system commands...

CVSS: 8.8, AI score: 9.2, EPSS: 0.04602
Exploits: 2, References: 1
RedHat Linux
added 2018/01/25 11:17 a.m., 6 views

kernel: local privesc in key management

A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively...

CVSS: 7.8, AI score: 6.6, EPSS: 0.00427
Exploits: 0, References: 5
CNVD
added 2016/11/08 12:0 a.m., 0 views

Exponent CMS SQL Injection Vulnerability (CNVD-2016-10804)

Exponent is a web content management system. Multiple SQL injection vulnerabilities exist in the framework/modules/core/controllers/expRatingController.php/update method in Exponent CMS version 2.4.0, which can be exploited by an authenticated remote user to execute arbitrary SQL commands via the...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01373
Exploits: 0, References: 1
Cvelist
added 2016/11/07 11:0 a.m., 17 views

CVE-2016-9242

Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter...

AI score: 9.2, EPSS: 0.01373
Exploits: 0, References: 2
NVD
added 2012/08/13 11:55 p.m., 25 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

CVSS: 6.4, AI score: 6.1, EPSS: 0.02595
Exploits: 1, References: 7
UbuntuCve
added 2012/08/13 11:55 p.m., 47 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

CVSS: 6.4, AI score: 5.9, EPSS: 0.02595
Exploits: 1, References: 3
CVE
added 2012/08/13 11:0 p.m., 62 views

CVE-2012-2330

The CVE-2012-2330 entry affects Node.js, where the Update method in src/node_http_parser.cc fails to properly check string length in versions prior to 0.6.17 and 0.7 prior to 0.7.8. This could allow remote attackers to read sensitive request header contents and potentially spoof HTTP headers via ...

CVSS: 6.4, AI score: 6.2, EPSS: 0.02595
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2012/08/13 11:0 p.m., 29 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

AI score: 6.1, EPSS: 0.02595
Exploits: 1, References: 7
Debian CVE
added 2012/08/13 11:0 p.m., 30 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

CVSS: 6.4, AI score: 6, EPSS: 0.02595
Exploits: 1
myhack58
added 2012/05/14 12:0 a.m., 12 views

Node.js HTTP parsing vulnerability-vulnerability warning-the black bar safety net

Indicates a temporary no nodejs in the field, and nodejs in the country I'm in Ali cloud seen once, it is sent to it. the poc in this: https://gist.github.com/2628868 The official announcement on this: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/...

AI score: 0.7
Exploits: 0
Zero Day Initiative
added 2012/04/09 12:0 a.m., 20 views

(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash...

CVSS: 9, AI score: 7.6
Exploits: 0, References: 1
Prion
added 2009/09/08 10:30 a.m., 14 views

Design/Logic Flaw

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...

CVSS: 9.3, AI score: 7.4, EPSS: 0.05647
Exploits: 1, References: 3, Affected Software: 2
Cvelist
added 2009/09/08 10:0 a.m., 24 views

CVE-2008-7168

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...

AI score: 6.8, EPSS: 0.05647
Exploits: 1, References: 3
VulnCheck KEV
added 2009/09/08 12:0 a.m., 3 views

VulnCheck KEV: CVE-2008-7168

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...

CVSS: 9.3, AI score: 5.9, EPSS: 0.05647
Exploits: 1, References: 1
Prion
added 2008/07/11 10:41 p.m., 12 views

Stack overflow

Stack-based buffer overflow in the ActiveX control as2guiie.dll in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method...

CVSS: 9.3, AI score: 8.7, EPSS: 0.07706
Exploits: 1, References: 9, Affected Software: 1