Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2002/12/06 12:0 a.m.•40 views

Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets

Overview Microsoft Windows Remote Desktop Protocol RDP uses a weak algorithm for encrypting packets. Description Microsoft describes RDP as follows.RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual...

5CVSS6.1AI score0.24001EPSS
Exploits0References5
CERT
CERT
•added 2002/10/04 12:0 a.m.•40 views

Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check

Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...

5CVSS6.9AI score0.13903EPSS
Exploits0References1
CERT
CERT
•added 2002/09/16 12:0 a.m.•40 views

Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources

Overview Microsoft Internet Explorer IE includes several local HTML resources that contain cross-site scripting vulnerabilities. These resources use the dialogArguments property of dialog frames insecurely, allowing an attacker to execute arbitrary script in the Local Machine Zone. Description...

7.6AI score
Exploits0References26
CERT
CERT
•added 2002/07/26 12:0 a.m.•40 views

Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures

Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...

7.5CVSS8.3AI score0.24864EPSS
Exploits0References5
CERT
CERT
•added 2002/06/13 12:0 a.m.•40 views

Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR

Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...

7.5CVSS7.6AI score0.23901EPSS
Exploits4References1
CERT
CERT
•added 2002/03/28 12:0 a.m.•40 views

HP-UX kernel specifies incorrect arguments for setrlimit()

Overview A problem exists in some versions of the HP-UX kernel allowing an intruder to cause kernel panics. Description Certain versions of HP-UX setrlimit system call contain a vulnerability that permits an intruder to cause kernel panics or compromise the system. Quoting from HP Security Bullet...

4.6CVSS6.5AI score0.00622EPSS
Exploits0References2
CERT
CERT
•added 2002/02/25 12:0 a.m.•40 views

Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header

Overview A vulnerability exists in the way the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...

5CVSS9.1AI score0.03575EPSS
Exploits0References8
CERT
CERT
•added 2001/12/10 12:0 a.m.•40 views

GnuPG format string vulnerability in do_get() in ttyio.c while prompting for a new filename

Overview There is a format string vulnerability in GNU Privacy Guard. By sending a GPG message with a carefully crafted malicious filename, an attacker may be able to execute arbitrary code as the user who decrypts the message. Description GNU Privacy Guard GPG is a free, RFC2440 compliant...

7.5CVSS6.8AI score0.13728EPSS
Exploits0References13
CERT
CERT
•added 2001/05/11 12:0 a.m.•40 views

ISC BIND 8.2.2-P6 vulnerable to DoS when processing SRV records, aka the "srv bug"

Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "srv bug" and affects ISC BIND versions 8.2 through 8.2.2-P6. Description This vulnerability can cause affected DNS...

5CVSS6.3AI score0.07548EPSS
Exploits0References2
CERT
CERT
•added 2025/01/17 12:0 a.m.•39 views

Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)

Overview Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented ...

6.5CVSS6.5AI score0.28537EPSS
Exploits0References4
CERT
CERT
•added 2024/03/14 12:0 a.m.•39 views

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

Overview A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...

5.7CVSS6.3AI score0.01231EPSS
Exploits0References4
CERT
CERT
•added 2022/08/04 12:0 a.m.•39 views

muhttpd versions 1.1.5 and earlier are vulnerable to path traversal

Overview Versions 1.1.5 and earlier of the mu HTTP deamon muhttpd are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Descriptio...

7.5CVSS7.7AI score0.12001EPSS
Exploits2References3
CERT
CERT
•added 2016/01/07 12:0 a.m.•39 views

IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects

Overview IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-8261 WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements...

9.8CVSS9.8AI score0.0355EPSS
Exploits4
CERT
CERT
•added 2015/10/27 12:0 a.m.•39 views

EPSON Network Utility installs EpsonBidirectionalService with insecure permissions

Overview EPSON Network Utility contains a local privilege escalation vulnerability, which allows a local attacker to execute arbitrary code with SYSTEM privileges. Description CWE-276: Incorrect Default Permissions - CVE-2015-6034EPSON Network Utility v4.10 is an application that checks the print...

6.9CVSS7.3AI score0.00319EPSS
Exploits0References2
CERT
CERT
•added 2015/07/30 12:0 a.m.•39 views

BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems...

7.2CVSS5.5AI score0.00765EPSS
Exploits0References3
CERT
CERT
•added 2015/06/15 12:0 a.m.•39 views

Retrospect Backup Client uses weak password hashing

Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...

5CVSS7.1AI score0.03338EPSS
Exploits1References3
CERT
CERT
•added 2015/03/20 12:0 a.m.•39 views

BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Overview Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. According to Corey Kallenber...

7.8CVSS8.1AI score0.00394EPSS
Exploits0References1
CERT
CERT
•added 2015/02/02 12:0 a.m.•39 views

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, andCWE-284: Improper Access Control - CVE-2015-0929By visiting time.htm, a user is issued a...

10CVSS7AI score0.03445EPSS
Exploits1References4
CERT
CERT
•added 2015/01/23 12:0 a.m.•39 views

LabTech contains privilege escalation vulnerability

Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284: Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root...

6.8CVSS6.6AI score0.00353EPSS
Exploits0References1
CERT
CERT
•added 2015/01/05 12:0 a.m.•39 views

Tianocore UEFI implementation reclaim function vulnerable to buffer overflow

Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface UEFI. Some commercial UEFI implementations...

6.8CVSS6.9AI score0.00405EPSS
Exploits0References4
CERT
CERT
•added 2014/08/04 12:0 a.m.•39 views

Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability

Overview Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability. Description CWE-788: Access of Memory Location After End of Buffer An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow ...

6.9CVSS6.2AI score0.01628EPSS
Exploits3References4
CERT
CERT
•added 2014/04/14 12:0 a.m.•39 views

Artiva Agency Single Sign-On (SSO) feature vulnerability

Overview Artiva Agency Single Sign-On SSO feature checks only the local Windows login name which could allow an attacker to impersonate another Artiva Agency user. Description Artiva Agency Single Sign-On SSO feature when configured with the domain name option allows the currently logged on Windo...

3.5CVSS6.2AI score0.00884EPSS
Exploits0References1
CERT
CERT
•added 2014/02/03 12:0 a.m.•39 views

Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability

Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...

4.3CVSS6.2AI score0.02413EPSS
Exploits1References3
CERT
CERT
•added 2014/01/09 12:0 a.m.•39 views

libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability

Overview libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference crash in pngdoexpandpalette. Description The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images wit...

6.5CVSS7.8AI score0.04692EPSS
Exploits1References1
CERT
CERT
•added 2012/10/30 12:0 a.m.•39 views

CA ARCserve Backup authentication service denial-of-service vulnerability

Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Security advisory states:By specifying an invalid field size for the encrypted username or...

5CVSS6.8AI score0.03467EPSS
Exploits0References1
CERT
CERT
•added 2012/07/24 12:0 a.m.•39 views

Symantec Web Gateway contains multiple vulnerabilities

Overview The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection. Description The Symantec SYM12-011 advisory states:"Symantec's Web Gateway management console is susceptible to multiple security...

7.5AI score
Exploits0References1
CERT
CERT
•added 2011/11/04 12:0 a.m.•39 views

Microsoft Windows TrueType font parsing vulnerability

Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to run arbitrary code in kernel mode. This vulnerability is reportedly being exploited by malicious software in the wild known as Duqu. Description The Microsoft Windows kernel includes a...

9.3CVSS6.5AI score0.78285EPSS
Exploits1References1
CERT
CERT
•added 2010/12/13 12:0 a.m.•39 views

ISC DHCP server vulnerability

Overview The ISC DHCP server contains a vulnerability that could allow a remote attacker to cause a denial of service. Description According to ISC:If a TCP connection is established to the server on a port which has been configured for communication with a failover peer, this can cause it to...

5CVSS6.2AI score0.07946EPSS
Exploits0References1
CERT
CERT
•added 2010/11/18 12:0 a.m.•39 views

PGP Desktop unsigned data injection vulnerability

Overview PGP Desktop 10.0.3 and earlier versions as well as 10.1.0 are vulnerable to an unsigned data injection attack. PGP Command Line versions 9.6 and greater are not affected by this vulnerability. Description The PGP Desktop user interface incorrectly displays messages with unsigned data as...

4.3CVSS6.3AI score0.01555EPSS
Exploits1References3
CERT
CERT
•added 2010/04/06 12:0 a.m.•39 views

IntelliCom NetBiter devices have default HICP passwords

Overview IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. Description IntelliCom NetBiter products use the proprietary HIC...

10CVSS5.9AI score0.03361EPSS
Exploits1References4
CERT
CERT
•added 2010/01/13 12:0 a.m.•39 views

NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows

Overview The NOS Microsystems Adobe getPlus Helper ActiveX control contains stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description NOS Microsystems getPlus is download management software that is used to install Ado...

10CVSS8.9AI score0.52586EPSS
Exploits0References1
CERT
CERT
•added 2009/12/15 12:0 a.m.•39 views

Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method

Overview The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader and the Adobe Acrobat family of software are designed to creat...

9.3CVSS8.7AI score0.81933EPSS
Exploits21References8
CERT
CERT
•added 2009/04/03 12:0 a.m.•39 views

Microsoft Office PowerPoint code execution vulnerability

Overview Microsoft PowerPoint contains a vulnerability. If exploited, this vulnerability could allow an attacker to execute code. Description Microsoft Powerpoint is a component of Microsoft Office. Per Microsoft Security Advisory 969136: The vulnerability is caused when Microsoft Office PowerPoi...

9.3CVSS6.7AI score0.67539EPSS
Exploits5References2
CERT
CERT
•added 2008/12/11 12:0 a.m.•39 views

Microsoft Internet Explorer data binding memory corruption vulnerability

Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...

9.3CVSS7.3AI score0.66513EPSS
Exploits10References9
CERT
CERT
•added 2008/05/06 12:0 a.m.•39 views

PHP path translation vulnerability

Overview PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. Description PHP is a scripting language that is designed for web-based applications and can be imbedded directly into HTML.PHP versions prior to 5.2.6 contain a path translation...

10CVSS9.4AI score0.10918EPSS
Exploits2References2
CERT
CERT
•added 2008/01/25 12:0 a.m.•39 views

inet_network() off-by-one buffer overflow

Overview The inetnetwork resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inetnetwork function takes a character string representation for an internet address and returns...

10CVSS7.9AI score0.123EPSS
Exploits1References7
CERT
CERT
•added 2007/08/14 12:0 a.m.•39 views

Microsoft GDI Windows Metafile AttemptWrite integer overflow

Overview Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows GDI Graphics Device Interface enables applications to use graphics a...

9.3CVSS7.2AI score0.54749EPSS
Exploits1References4
CERT
CERT
•added 2007/07/11 12:0 a.m.•39 views

Mozilla Firefox URL protocol handling vulnerability

Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...

4.3CVSS8.4AI score0.29355EPSS
Exploits3References12
CERT
CERT
•added 2007/03/06 12:0 a.m.•39 views

Apple QuickTime 3GP integer overflow

Overview A vulnerabilty in the way Apple QuickTime processes 3GP files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted 3GP files. According to Apple QuickTime 7.1.5 security document 305149:An integer overflow exists i...

9.3CVSS7AI score0.05856EPSS
Exploits1References6
CERT
CERT
•added 2007/02/13 12:0 a.m.•39 views

Microsoft HTML Help ActiveX control fails to properly validate input

Overview The Microsoft HTML Help ActiveX control fails to properly validate input, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The HTML Help Control HHCtrl Object is a Windows ActiveX control that provides the ability to view...

9.3CVSS6.6AI score0.26374EPSS
Exploits0References5
CERT
CERT
•added 2007/01/18 12:0 a.m.•39 views

Mozilla products vulnerable to privilege escalation via a JavaScript watch() function

Overview A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges. Description Mozilla products contain a vulnerability in the way the JavaScript watch function is handled that may result in privilege escalation. According to the Mozilla Foundation...

6.8CVSS6.2AI score0.0283EPSS
Exploits0References13
CERT
CERT
•added 2006/11/30 12:0 a.m.•39 views

Apple AirPort driver fails to properly handle probe response frames

Overview A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Description Apple Airport products are 802.11b and 802.11g compatible wireless devices that are produced by Apple. Airport...

7.5CVSS7.6AI score0.18071EPSS
Exploits2References5
CERT
CERT
•added 2006/11/02 12:0 a.m.•39 views

Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities

Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...

7.5CVSS7.6AI score0.78513EPSS
Exploits12References15
CERT
CERT
•added 2006/09/19 12:0 a.m.•39 views

gzip NULL dereference in huft_build()

Overview The gzip program contains a null dereference vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A null dereference vulnerability exists in gzip. An...

5CVSS6.8AI score0.03895EPSS
Exploits1References2
CERT
CERT
•added 2006/09/05 12:0 a.m.•39 views

BIND vulnerable to an INSIST failure via sending of multiple recursive queries

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

7.7AI score
Exploits0References4
CERT
CERT
•added 2006/08/10 12:0 a.m.•39 views

Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page

Overview A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description From Sun Alert Notification 102164: A Cross Site Scripting XSS vulnerability in various releases of the Sun Java System Web...

6.8CVSS5.2AI score0.03398EPSS
Exploits0References6
CERT
CERT
•added 2006/07/27 12:0 a.m.•39 views

Mozilla products contain a race condition

Overview Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt...

5.1CVSS6.8AI score0.04378EPSS
Exploits0References6
CERT
CERT
•added 2006/05/04 12:0 a.m.•39 views

Juniper Networks IVE client ActiveX control buffer overflow

Overview The ActiveX control used by Juniper IVE OS devices contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable client. Description Juniper IVE OS is an operating system used by Juniper devices, such as the Juniper Networks Secu...

7.5CVSS7.4AI score0.67312EPSS
Exploits3References3
CERT
CERT
•added 2006/04/17 12:0 a.m.•39 views

Mozilla products vulnerable to privilege escalation via XBL.method.eval

Overview A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for the Extensible Bindings Language XBL, a...

9.3CVSS6.5AI score0.08979EPSS
Exploits1References4
CERT
CERT
•added 2006/03/24 12:0 a.m.•39 views

Pubcookie login server contains cross-site scripting vulnerabilities

Overview Cross-site scripting vulnerabilities in the Pubcookie login server could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web. The Pubcookie...

4.3CVSS6.3AI score0.0165EPSS
Exploits0References1
Total number of security vulnerabilities3704