Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2016/07/19 12:0 a.m.•36 views

Objective Systems ASN1C generates code that contains a heap overflow vulnerability

Overview ASN.1 is a standard representation of data for networking and telecommunications applications. Objective System's ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-5080ASN1C is used to generate...

10CVSS9.3AI score0.10064EPSS
Exploits0References4
CERT
CERT
•added 2016/07/05 12:0 a.m.•36 views

Acer Portal app for Android does not properly validate SSL certificates

Overview The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud. Description CVE-2016-5648 - CWE-295: Improper Certificate Validation T...

5.3CVSS5.2AI score0.01173EPSS
Exploits1References1
CERT
CERT
•added 2015/12/01 12:0 a.m.•36 views

Epiphany Cardio Server is vulnerable to SQL and LDAP injection

Overview The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. Description Epiphany Cardio Server was reported as being vulnerable to the following issues:CWE-89: Improper Neutralization of Special Elements...

9.8CVSS10AI score0.01875EPSS
Exploits0References3
CERT
CERT
•added 2015/07/31 12:0 a.m.•36 views

Chiyu Technology fingerprint access control contains multiple vulnerabilities

Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting XSS vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS- CVE-2015-2870According to t...

7.5CVSS5.8AI score0.01736EPSS
Exploits0References2
CERT
CERT
•added 2014/07/10 12:0 a.m.•36 views

Raritian PX power distribution software is vulnerable to the cipher zero attack.

Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password. Description CWE-287: Improper...

10CVSS7.7AI score0.02774EPSS
Exploits0References3
CERT
CERT
•added 2014/04/29 12:0 a.m.•36 views

Ignite Realtime Smack XMPP API contains multiple vulnerabilities

Overview Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates CWE-358 and IQ requests do not verify the from attribute allowing anyone to spoof IQ responses. CWE-345 Description CWE-358:Improperly Implemented Security Check for Standard- CVE-2014-0363 The...

5.8CVSS9.1AI score0.06242EPSS
Exploits0References6
CERT
CERT
•added 2014/02/03 12:0 a.m.•36 views

Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability

Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...

4.3CVSS6.2AI score0.02413EPSS
Exploits1References3
CERT
CERT
•added 2013/12/30 12:0 a.m.•36 views

RealPlayer version 16.0.3.51 contains a buffer overflow vulnerability

Overview RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RM...

7.5CVSS7.6AI score0.66885EPSS
Exploits4References3
CERT
CERT
•added 2013/04/02 12:0 a.m.•36 views

The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information in support requests

Overview The TigerText Free Consumer Private Texting App iOS sends unencrypted user information to TigerText support. Description The TigerText app generates an unencrypted log file containing the TigerText username and password on the device when a user taps on "Contact Customer Support." An ema...

5CVSS6.3AI score0.01308EPSS
Exploits0References2
CERT
CERT
•added 2012/12/17 12:0 a.m.•36 views

Adobe Shockwave player installs Xtras without prompting

Overview Adobe Shockwave Player installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe...

9.3CVSS6.5AI score0.02681EPSS
Exploits0References2
CERT
CERT
•added 2012/08/16 12:0 a.m.•36 views

Samsung and HTC android phone information disclosure vulnerability

Overview Certain Samsung and HTC android phones store user interactions to the dmesg buffer which could allow a a malicious application to derive certain user-inputted information from the phone. Description The Android operating system on certain Samsung and HTC mobile phones store certain user...

7.1CVSS6.7AI score0.01759EPSS
Exploits0References1
CERT
CERT
•added 2012/06/13 12:0 a.m.•36 views

Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities

Overview Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities:CWE-79: Improper...

6.8CVSS8.2AI score0.02073EPSS
Exploits0References6
CERT
CERT
•added 2012/05/29 12:0 a.m.•36 views

AutoFORM PDM Archive contains multiple vulnerabilities

Overview AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document...

6.5CVSS8.1AI score0.01574EPSS
Exploits0References4
CERT
CERT
•added 2011/10/13 12:0 a.m.•36 views

OneOrZero AIMS authentication bypass and SQLi vulnerabilities

Overview OneOrZero Action & Information Management System AIMS is vulnerable to an authentication bypass and SQL injection. Description According to the vendor's website:"OneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting syst...

8.2AI score
Exploits0References3
CERT
CERT
•added 2009/08/21 12:0 a.m.•36 views

Libpurple buffer overflow vulnerability

Overview The Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code. Description Libpurple is an instant messenger IM library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow...

10CVSS7.9AI score0.20295EPSS
Exploits8References5
CERT
CERT
•added 2008/10/02 12:0 a.m.•36 views

IPv6 implementations insecurely update Forwarding Information Base

Overview A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. Description IPv6 networks use the Neighbor Discovery Protocol NDP to detect and locate routers and other on-link...

6.4AI score
Exploits0References11
CERT
CERT
•added 2008/09/09 12:0 a.m.•36 views

Windows Media Encoder WMEX.DLL ActiveX Control buffer overflow

Overview The WMEX.DLL ActiveX control, which is installed by Windows Media Encoder 9 Series, contains a buffer overflow vulnerability. Description According to Microsoft, the Windows Media Encoder is a tool used to capture audio and video content using Windows Media. The WMEX.DLL ActiveX control...

9.3CVSS7.2AI score0.54553EPSS
Exploits9References3
CERT
CERT
•added 2008/04/11 12:0 a.m.•36 views

Microsoft GDI buffer overflow vulnerability

Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface GDI is component of the Microsoft Windows user interface. Windows Metafile WMF and Enhanced Metafile EMF are image file formats...

9.3CVSS7.6AI score0.57102EPSS
Exploits1References5
CERT
CERT
•added 2008/01/08 12:0 a.m.•36 views

SSH Tectia Client and Server ssh-signer local privilege escalation

Overview The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access. Description The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A loc...

7.2CVSS6.7AI score0.00942EPSS
Exploits0References5
CERT
CERT
•added 2007/12/19 12:0 a.m.•36 views

Adobe Flash Player asfunction protocol may enable cross-site scripting

Overview The Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewe...

4.3CVSS5.4AI score0.12931EPSS
Exploits1References9
CERT
CERT
•added 2007/12/14 12:0 a.m.•36 views

Microsoft DirectX remote code execution

Overview Microsoft DirectX is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming multimedia...

9.3CVSS7.7AI score0.36234EPSS
Exploits1References1
CERT
CERT
•added 2007/11/01 12:0 a.m.•36 views

CUPS buffer overflow vulnerability

Overview The Common Unix Printing System contains a buffer overflow vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Common Unix Printing System CUPS is a printing service used by many Linux and Unix operating systems. CUPS uses a print...

10CVSS9.3AI score0.07377EPSS
Exploits1References9
CERT
CERT
•added 2007/07/27 12:0 a.m.•36 views

Microsoft Windows URI protocol handling vulnerability

Overview Microsoft Windows fails to properly handle protocols specified in a URI, which could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a...

9.3CVSS6.8AI score0.53831EPSS
Exploits7References12
CERT
CERT
•added 2007/07/11 12:0 a.m.•36 views

Adobe Flash Player FLV integer overflow

Overview A vulnerability in the Adobe Flash Player could allow a remote attacker to execute arbitrary code on an affected system. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. An integer...

9.3CVSS8AI score0.56309EPSS
Exploits0References4
CERT
CERT
•added 2007/04/09 12:0 a.m.•36 views

Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows

Overview The Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Internet Pictures Corporation has produced equipment and software to create 360...

10CVSS7.3AI score0.11112EPSS
Exploits0References1
CERT
CERT
•added 2007/03/26 12:0 a.m.•36 views

file integer overflow vulnerability

Overview The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.file contains a buffer...

9.3CVSS8.9AI score0.12226EPSS
Exploits1References13
CERT
CERT
•added 2007/03/06 12:0 a.m.•36 views

Apple QuickTime movie heap buffer overflow vulnerability

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...

5.8CVSS7.4AI score0.06095EPSS
Exploits1References15
CERT
CERT
•added 2007/02/26 12:0 a.m.•36 views

Apple iChat fails to properly handle crafted TXT key hashes

Overview A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Description Apple iChat is an instant message client for Apple Mac OS X. Apple iChat Agent is a back-end process that manages iChat sessions and available contacts. Apple...

2.1CVSS6.2AI score0.03264EPSS
Exploits1References8
CERT
CERT
•added 2007/01/31 12:0 a.m.•36 views

Cisco IOS fails to properly handle Session Initiated Protocol packets

Overview Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. According t...

7.8CVSS6.4AI score0.03517EPSS
Exploits0References7
CERT
CERT
•added 2007/01/12 12:0 a.m.•36 views

CA BrightStor ARCserve Backup Tape Engine directly calls user supplied data in RPC requests

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability in its Tape Engine RPC service. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retenti...

7.5CVSS7AI score0.19776EPSS
Exploits1References3
CERT
CERT
•added 2007/01/09 12:0 a.m.•36 views

Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files

Overview A vulnerability exists in the way Microsoft Outlook handles Office Saved Searches .oss. This vulnerability may allow a remote attacker to execute arbitrary code. Description Office Saved Searches .oss contain views of e-mail items that satisfy previous search criteria.Microsoft Outlook...

9.3CVSS7.3AI score0.36843EPSS
Exploits0References7
CERT
CERT
•added 2007/01/04 12:0 a.m.•36 views

Citrix ICA Client ActiveX control buffer overflow

Overview A vulnerability in an ActiveX control provided with the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on an affected system. Description The Citrix Presentation Server Client software provides an ActiveX control that can be used to integrate th...

6.8CVSS7.3AI score0.34611EPSS
Exploits10References3
CERT
CERT
•added 2006/12/15 12:0 a.m.•36 views

Symantec Veritas NetBackup bpcd.exe CONNECT_OPTIONS buffer overflow

Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...

10CVSS7.8AI score0.11754EPSS
Exploits0References4
CERT
CERT
•added 2006/11/30 12:0 a.m.•36 views

Apple Mac OS X ftpd may allow arbitrary users to determine account name validity

Overview Apple Mac OS X ftpd may allow arbitrary users to determine account name validity. This vulnerability may reveal protected information or allow an attacker to cause a denial-of-service condition. Description According to Apple Security Update 2006-007:When attempting to authenticate a val...

4CVSS6AI score0.0358EPSS
Exploits2References2
CERT
CERT
•added 2006/11/15 12:0 a.m.•36 views

Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations

Overview A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages...

5.1CVSS7AI score0.24798EPSS
Exploits0References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•36 views

Microsoft Excel fails to properly handle Lotus 1-2-3 files

Overview Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains an unspecified vulnerability that could be exploited when Exc...

5.1CVSS6.9AI score0.09321EPSS
Exploits0References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•36 views

Microsoft PowerPoint fails to properly handle malformed data records

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed data records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint...

9.3CVSS6.8AI score0.11423EPSS
Exploits4References2
CERT
CERT
•added 2006/09/15 12:0 a.m.•36 views

Microsoft DirectAnimation Path ActiveX control fails to validate input

Overview The Microsoft DirectAnimation Path ActiveX control fails to properly validate input. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectAnimation Path object is an ActiveX control that is used to move object...

7.6CVSS6.5AI score0.78755EPSS
Exploits3References5
CERT
CERT
•added 2006/09/14 12:0 a.m.•36 views

Apple QuickTime fails to properly handle FLC movies

Overview Apple QuickTime fails to properly handle FLC movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

5.1CVSS7.9AI score0.15248EPSS
Exploits1References4
CERT
CERT
•added 2006/08/08 12:0 a.m.•36 views

Microsoft Management Console cross-site scripting vulnerability

Overview Microsoft Management Console MMC is vulnerable to cross-site scripting, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MMCMMC is an application that allows a user to perform administrative tasks. Through the use of various snap-ins, MMC ca...

6CVSS6.2AI score0.20488EPSS
Exploits0References2
CERT
CERT
•added 2006/08/08 12:0 a.m.•36 views

Microsoft Internet Explorer HTML layout rendering vulnerability

Overview Microsoft Internet Explorer fails to properly render certain HTML layout combinations. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the rendering of certain HTML layout combinations...

5.1CVSS6.9AI score0.43757EPSS
Exploits0References3
CERT
CERT
•added 2006/08/04 12:0 a.m.•36 views

Apple Mac OS X Image RAW vulnerable to buffer overflow via specially crafted Canon RAW image

Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description RAW image files provide access to image information directly from a camera's sensor prior to in-camera processing, retaining the...

5.1CVSS7.6AI score0.03134EPSS
Exploits1References2
CERT
CERT
•added 2006/07/27 12:0 a.m.•36 views

Mozilla fails to properly handle simultaneous XPCOM events

Overview Mozilla products are vulnerable to memory corruption via simultaneous XPCOM events. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description XPCOMXPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides the...

7.5CVSS6.9AI score0.06305EPSS
Exploits0References8
CERT
CERT
•added 2006/07/27 12:0 a.m.•36 views

Mozilla JavaScript engine contains multiple integer overflows

Overview The Mozilla JavaScript engine contains multiple integer overflows. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products that use the Mozilla JavaScript engine are vulnerable to integer overflows. Specifically, the...

7.5CVSS6.9AI score0.05359EPSS
Exploits0References9
CERT
CERT
•added 2006/06/29 12:0 a.m.•36 views

Microsoft Internet Explorer fails to properly handle CLSID extensions

Overview Microsoft Internet Explorer fails to properly handle directories with CLSID extensions. This may allow an attacker to bypass the warning dialog that Internet Explorer should display before executing downloaded code. Description CLSID According to Microsoft MSDN, A CLSID is a "globally...

5.1CVSS6.4AI score0.48215EPSS
Exploits1References5
CERT
CERT
•added 2006/05/15 12:0 a.m.•36 views

Apple QuickTime FlashPix integer overflow

Overview Apple QuickTime fails to properly handle FlashPix images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remo...

6.8CVSS7.5AI score0.06EPSS
Exploits0
CERT
CERT
•added 2006/05/02 12:0 a.m.•36 views

Mozilla Firefox designMode deleted object reference

Overview Mozilla Firefox contains a deleted object reference vulnerability. This may allow a remote attacker to execute arbitrary code. Description Mozilla Firefox contains a vulnerability that causes a deleted object to be referenced when designMode is set to "on." When Firefox attempts to use...

5.1CVSS7AI score0.51346EPSS
Exploits1References6
CERT
CERT
•added 2006/04/17 12:0 a.m.•36 views

Mozilla products border-rendering code vulnerability using CSS

Overview A vulnerability in the way Mozilla products and derivative programs handle certain CSS methods could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for Content Style...

9.3CVSS7AI score0.08251EPSS
Exploits0References1
CERT
CERT
•added 2006/04/01 12:0 a.m.•36 views

RealNetworks products vulnerable to buffer overflow via specially crafted MBC file

Overview Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...

9.3CVSS7.5AI score0.02947EPSS
Exploits0References6
CERT
CERT
•added 2006/03/16 12:0 a.m.•36 views

Adobe Flash products contain multiple vulnerabilities

Overview Several vulnerabilities in Adobe Macromedia Flash products may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web...

5.1CVSS9.5AI score0.06602EPSS
Exploits0References6
Total number of security vulnerabilities3704