Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2004/08/23 12:0 a.m.•36 views

Mozilla fails to validate the DN of X.509 certificates

Overview Mozilla fails to verify that the Distinguished Name DN of an X.509 certificate is unique when importing it. A denial of service occurs when Mozilla imports a specially crafted, self-signed certificate that has the same DN as an existing Certificate Authority CA root certificate...

5CVSS6.1AI score0.03146EPSS
Exploits0References4
CERT
CERT
•added 2004/07/30 12:0 a.m.•36 views

Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files

Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer IE is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes...

7.5CVSS7.6AI score0.38477EPSS
Exploits1References4
CERT
CERT
•added 2004/06/22 12:0 a.m.•36 views

ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions

Overview The Internet Systems Consortium's ISC Dynamic Host Configuration Protocol DHCP 3 application contains a vulnerability that introduces several potential buffer overflow conditions. Exploitation of this vulnerability can cause a denial-of-service condition to the DHCP Daemon DHCPD and may...

10CVSS7.8AI score0.16773EPSS
Exploits0
CERT
CERT
•added 2004/05/21 12:0 a.m.•36 views

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

6.7AI score
Exploits0References4
CERT
CERT
•added 2004/03/22 12:0 a.m.•36 views

Oracle Application Server Web Cache contains heap overflow vulnerability

Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...

10CVSS7.4AI score0.15501EPSS
Exploits0References7
CERT
CERT
•added 2004/03/15 12:0 a.m.•36 views

Apple Mac OS X "cd9660.util" buffer overflow

Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...

7.2CVSS6.9AI score0.01292EPSS
Exploits1References1
CERT
CERT
•added 2004/02/05 12:0 a.m.•36 views

HTTP Parsing Vulnerabilities in Check Point Firewall-1

Overview Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Description The HTTP Security Servers component of Check Point Firewall-1 contains an HTTP parsing vulnerability that is triggered by...

10CVSS7.3AI score0.09314EPSS
Exploits0References4
CERT
CERT
•added 2004/01/20 12:0 a.m.•36 views

Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode

Overview Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges. Description The Linux kernel handles the basic functionality of the operating...

7.2CVSS5.9AI score0.00436EPSS
Exploits0References3
CERT
CERT
•added 2003/10/16 12:0 a.m.•36 views

Microsoft Authenticode mechanism installs ActiveX controls without prompting user

Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041:ActiveX is a technology that allows programmers to develop self-contained software modul...

7.5CVSS6.1AI score0.22932EPSS
Exploits0References2
CERT
CERT
•added 2003/09/19 12:0 a.m.•36 views

Sun Solstice AdminSuite ships with insecure default configuration

Overview The sadmind service provided on many Solaris and SunOS systems ships with an insecure default configuration that allows remote users to execute arbitrary commands with superuser root privileges. Description The Sun Microsystems Solstice AdminSuite is a graphical tool that allows Solaris...

7.3AI score
Exploits0References7
CERT
CERT
•added 2003/09/17 12:0 a.m.•36 views

Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function

Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...

10CVSS9.5AI score0.15784EPSS
Exploits1References6
CERT
CERT
•added 2003/08/19 12:0 a.m.•36 views

gtop daemon contains buffer overflow

Overview A buffer overflow exists in the gtop daemon. Description A buffer overflow in gtopd, specifically permitted, may allow a remote attacker to execute arbitrary code. For more detailed information, please see Flavio Veloso's analysis.gtop background information Many Unix systems allow only...

7.5CVSS7.2AI score0.06053EPSS
Exploits0References2
CERT
CERT
•added 2003/08/11 12:0 a.m.•36 views

Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address

Overview A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption. Description Postfix is a very popular mail transfer agent MTA. Michal Zalewski has discovered a denial-of-service...

7.1AI score
Exploits0References5
CERT
CERT
•added 2003/07/31 12:0 a.m.•36 views

Microsoft Windows RPC service vulnerable to denial of service

Overview A vulnerability exists in Microsoft's Remote Procedure Call RPC implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft has released MS03-039 to address a vulnerability...

7.5CVSS6.3AI score0.60799EPSS
Exploits1References2
CERT
CERT
•added 2003/07/24 12:0 a.m.•36 views

Microsoft SQL Server contains flaw in checking method for the named pipe

Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...

7.2CVSS6.4AI score0.02262EPSS
Exploits0References12
CERT
CERT
•added 2002/11/25 12:0 a.m.•36 views

SSH Secure Shell for Servers fails to remove child process from master process group

Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...

7.7AI score
Exploits0References1
CERT
CERT
•added 2002/11/19 12:0 a.m.•36 views

The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used

Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...

4.6CVSS6.8AI score0.01949EPSS
Exploits0References2
CERT
CERT
•added 2002/10/10 12:0 a.m.•36 views

ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure

Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...

5CVSS6AI score0.02238EPSS
Exploits0References2
CERT
CERT
•added 2002/09/27 12:0 a.m.•36 views

Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling

Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...

5CVSS6AI score0.18223EPSS
Exploits0References3
CERT
CERT
•added 2002/09/24 12:0 a.m.•36 views

EFTP does not adequately validate user input thereby allowing directory traversal

Overview Encrypted File Transfer Program EFTP does not properly validate CWD commands, allowing authenticated users to read arbitrary directories and files. Description Encrypted File Transfer Program EFTP is an implementation of the FTP protocol using 448-bit Blowfish encryption. EFTP allows...

5CVSS6.2AI score0.0226EPSS
Exploits0References2
CERT
CERT
•added 2002/08/23 12:0 a.m.•36 views

Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction

Overview Microsoft Server Message Block SMB may crash when it receives a crafted SMBCOMTRANSACTION packet requesting a NetServerEnum2 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers. It ...

7.5CVSS6.6AI score0.30132EPSS
Exploits3References2
CERT
CERT
•added 2002/08/22 12:0 a.m.•36 views

Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection

Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...

7.5CVSS6.6AI score0.03317EPSS
Exploits0References1
CERT
CERT
•added 2002/08/16 12:0 a.m.•36 views

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure

Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...

10CVSS6.6AI score0.46307EPSS
Exploits0References2
CERT
CERT
•added 2002/08/10 12:0 a.m.•36 views

Cisco CallManager contains memory leak

Overview The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Description The Cisco Call Manageris software to manage telephone calls in a mixed data and voice environment. Specifically the Cisco Call Manager "extends enterprise telephony featur...

5CVSS7.1AI score0.01771EPSS
Exploits0References4
CERT
CERT
•added 2002/07/31 12:0 a.m.•36 views

Certain implementations of SSH1 may reveal internal cryptologic state

Overview An implementation problem in at least one Secure Shell SSH product and a weakness in the PKCS11.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...

4CVSS9.3AI score0.02501EPSS
Exploits0References2
CERT
CERT
•added 2002/06/05 12:0 a.m.•36 views

Yahoo! Messenger contains buffer overflow in "IMvironment" field

Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "imv" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "imv" field that may permit a remote attacker to execute arbitrary code ...

7.5CVSS7.9AI score0.06955EPSS
Exploits0References3
CERT
CERT
•added 2002/05/06 12:0 a.m.•36 views

Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters

Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. A remotely exploitable heap overflow exists i...

10CVSS7.1AI score0.23078EPSS
Exploits4References2
CERT
CERT
•added 2002/04/30 12:0 a.m.•36 views

rpc.rwalld contains remotely exploitable format string vulnerability

Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...

7.5CVSS6.3AI score0.09217EPSS
Exploits1References1
CERT
CERT
•added 2002/03/04 12:0 a.m.•36 views

Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled

Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding CEF enabled contain a...

5CVSS6AI score0.01781EPSS
Exploits0References2
CERT
CERT
•added 2001/10/25 12:0 a.m.•36 views

Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges

Overview Cisco Internetwork Operating System IOS may reload unexpectedly after being scanned on certain ports. Description Certain versions of Cisco IOS contain a vulnerability that allows the router to enter an unstable state after receiving a connection attempt on any TCP port in the following...

5CVSS6.5AI score0.01675EPSS
Exploits0References2
CERT
CERT
•added 2001/07/29 12:0 a.m.•36 views

Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp

Overview Cisco IOS contains a vulnerability that allows an intruder to crash the router. Description By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a...

5CVSS6.7AI score0.03755EPSS
Exploits0References2
CERT
CERT
•added 2001/06/01 12:0 a.m.•36 views

RIT Research Labs The Bat! does not properly parse <CR> characters not followed by a <LF> character

Overview Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error ...

5CVSS6AI score0.03213EPSS
Exploits1References4
CERT
CERT
•added 2001/02/18 12:0 a.m.•36 views

MySQL monitor drop database command contains buffer overflow

Overview MySQL is a popular open source database package. It contains a buffer overflow in the code that processes drop database commands. Description The MySQL server, mysqld, contains a buffer overflow in the code used to process drop database requests . By carefully crafting a MySQL drop...

8.3AI score
Exploits0References4
CERT
CERT
•added 2000/11/08 12:0 a.m.•36 views

Cisco IOS software vulnerable to DoS via HTTP request containing "?/"

Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to force affected switches and routers to crash and reboot. Description To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must...

5CVSS6.2AI score0.04295EPSS
Exploits1References6
CERT
CERT
•added 2000/10/25 12:0 a.m.•36 views

IE 5.01 will execute VBA code contained in Access databases when triggered from HTML code contained in an IFRAME

Overview Under certain conditions, Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary...

7.5CVSS7.6AI score0.2477EPSS
Exploits0References6
CERT
CERT
•added 2024/10/23 12:0 a.m.•35 views

Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...

8.8CVSS8.1AI score0.02548EPSS
Exploits1References6
CERT
CERT
•added 2022/01/20 12:0 a.m.•35 views

McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description CVE-2022-0166 McAfee Agent, which comes with various McAfee products such as McAfee...

7.8CVSS7.9AI score0.02969EPSS
Exploits0References2
CERT
CERT
•added 2021/02/09 12:0 a.m.•35 views

Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths

Overview Siemens Totally Integrated Administrator TIA fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected...

7.8CVSS7.7AI score0.00862EPSS
Exploits0References2
CERT
CERT
•added 2019/04/08 12:0 a.m.•35 views

MyCar Controls uses hard-coded credentials

Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop...

10CVSS8AI score0.03573EPSS
Exploits0References4
CERT
CERT
•added 2016/10/04 12:0 a.m.•35 views

Animas OneTouch Ping insulin pump contains multiple vulnerabilities

Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...

9.8CVSS9.4AI score0.04519EPSS
Exploits0References2
CERT
CERT
•added 2015/12/21 12:0 a.m.•35 views

Juniper ScreenOS contains multiple vulnerabilities

Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. Description...

10CVSS8.3AI score0.614EPSS
Exploits7References7
CERT
CERT
•added 2015/11/23 12:0 a.m.•35 views

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters SPT that notify alarm receiving centers ARC when an alarm system is tripped...

7.5CVSS7.4AI score0.03212EPSS
Exploits4References6
CERT
CERT
•added 2015/10/20 12:0 a.m.•35 views

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability

Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...

3.3CVSS4.4AI score0.00942EPSS
Exploits0References1
CERT
CERT
•added 2015/09/09 12:0 a.m.•35 views

Impero Education Pro classroom management software vulnerable to remote code execution

Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic KeyCWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...

10CVSS7.8AI score0.02643EPSS
Exploits0
CERT
CERT
•added 2015/02/05 12:0 a.m.•35 views

Ektron Content Management System (CMS) contains multiple vulnerabilities

Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...

6.8CVSS6.8AI score0.22034EPSS
Exploits3References4
CERT
CERT
•added 2014/05/07 12:0 a.m.•35 views

Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...

6.8CVSS7.2AI score0.01179EPSS
Exploits1References3
CERT
CERT
•added 2014/03/06 12:0 a.m.•35 views

Huawei E355 contains a direct request vulnerability

Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...

4.3CVSS6.4AI score0.06129EPSS
Exploits5References3
CERT
CERT
•added 2014/02/18 12:0 a.m.•35 views

Belkin Wemo Home Automation devices contain multiple vulnerabilities

Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key -CVE-2013-6952 Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password...

10CVSS7.2AI score0.03836EPSS
Exploits5References7
CERT
CERT
•added 2014/01/10 12:0 a.m.•35 views

Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities

Overview Atmail Webmail Server version 7.1.3 and possibly earlier versions contain stored cross-site scripting XSS CWE-79 and cross-site request forgery CSRF CWE-352 vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' -...

6.8CVSS6.1AI score0.04373EPSS
Exploits0References3
CERT
CERT
•added 2013/10/17 12:0 a.m.•35 views

SAP Sybase Adaptive Server Enterprise vulnerable to XML injection

Overview SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability CWE-91. Description CWE-611:Improper Restriction of XML External Entity Reference 'XXE' SAP Sybase Adaptive Server Enterprise ASE Version 15.7 ESD 2 contains an...

4CVSS6.8AI score0.08201EPSS
Exploits2References2
Total number of security vulnerabilities3704