Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
added 2006/06/13 12:0 a.m.35 views

Microsoft IP Source Route Vulnerability

Overview A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in so...

9.3CVSS7.2AI score0.58027EPSS
Exploits0References1
CERT
CERT
added 2006/05/12 12:0 a.m.35 views

Apple Quicktime JPEG integer overflow

Overview Apple QuickTime fails to properly handle JPEG images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...

5.1CVSS7.5AI score0.03676EPSS
Exploits0References2
CERT
CERT
added 2006/05/12 12:0 a.m.35 views

Apple Safari fails to properly handle archive files containing symbolic links

Overview Apple Safari fails to properly handle archive files that contain symbolic links, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Symbolic links Symbolic links are...

2.6CVSS7AI score0.0223EPSS
Exploits0References2
CERT
CERT
added 2006/03/14 12:0 a.m.35 views

Microsoft Excel fails to properly perform range validation when parsing document files

Overview Microsoft Excel contains an error in range validation, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate ranges in data files. When a file with a malformed range is opened in Excel,...

6.8CVSS7AI score0.31108EPSS
Exploits0References5
CERT
CERT
added 2006/03/03 12:0 a.m.35 views

Apple Safari vulnerable to buffer overflow

Overview Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. The Problem Apple Safari contains a stack-based...

6.4CVSS6.9AI score0.07774EPSS
Exploits0References2
CERT
CERT
added 2006/01/11 12:0 a.m.35 views

Apple QuickTime fails to properly handle corrupt TGA images

Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa TGA image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...

7.5CVSS7.8AI score0.25506EPSS
Exploits5References2
CERT
CERT
added 2005/10/18 12:0 a.m.35 views

Snort Back Orifice preprocessor buffer overflow

Overview A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description Snort is an open-source intrusion detection system IDS. A lack of validation on attacker-controlled...

7.5CVSS7.5AI score0.83621EPSS
Exploits12References5
CERT
CERT
added 2005/08/09 12:0 a.m.35 views

Microsoft Plug and Play contains a buffer overflow vulnerability

Overview Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in local or remote arbitrary code execution or denial-of-service conditions. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system...

10CVSS7.6AI score0.93405EPSS
Exploits9References14
CERT
CERT
added 2005/08/01 12:0 a.m.35 views

Mozilla insecurely clones objects and member functions

Overview Mozilla fails to enforce security restrictions on cloned base objects. This may allow a remote attacker to execute arbitrary code on a vulnerable web browser. Description Mozilla supports the use of JavaScript to perform client side scripting. JavaScript uses prototyping as a way to...

7.5CVSS6.6AI score0.0596EPSS
Exploits1References7
CERT
CERT
added 2005/05/18 12:0 a.m.35 views

TCP does not adequately validate segments before updating timestamp value

Overview Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Description The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in...

5CVSS6.3AI score0.83284EPSS
Exploits1References3
CERT
CERT
added 2005/05/16 12:0 a.m.35 views

Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs

Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities chpass, chfn, and chsh to update information in the user database, such as user name,...

7.2CVSS7AI score0.00764EPSS
Exploits0References5
CERT
CERT
added 2005/05/09 12:0 a.m.35 views

Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service

Overview The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service. Description Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the...

7.5CVSS6AI score0.01307EPSS
Exploits0References2
CERT
CERT
added 2005/02/28 12:0 a.m.35 views

Gaim vulnerable to DoS via specially crafted HTML

Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...

5CVSS6AI score0.03204EPSS
Exploits0References2
CERT
CERT
added 2005/02/21 12:0 a.m.35 views

Gaim vulnerable to HTML processing denial of service

Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...

5CVSS6.2AI score0.03484EPSS
Exploits0References2
CERT
CERT
added 2005/01/31 12:0 a.m.35 views

Apple Mac OS X vulnerable to information disclosure in "Message-ID" header

Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...

5CVSS6.3AI score0.0271EPSS
Exploits0References2
CERT
CERT
added 2005/01/11 12:0 a.m.35 views

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...

7.4AI score
Exploits0References2
CERT
CERT
added 2004/10/15 12:0 a.m.35 views

Microsoft Windows Program Group Converter vulnerable to buffer overflow

Overview Microsoft Program Group Converter contains a buffer overflow that may allow an attacker to execute arbitrary code. Description Microsoft describes Program Group Converter grpconv.exe as a application to "convert Program Manager Group files .grp extention that were created in Windows 3.1,...

10CVSS7.8AI score0.49951EPSS
Exploits1References2
CERT
CERT
added 2004/10/13 12:0 a.m.35 views

Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems

Overview Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set DBCS systems. This could allow an attacker to spoof the address of a web site. Description Microsoft Internet Explorer contains a canonicalization error when it parses special...

5CVSS7.2AI score0.32759EPSS
Exploits0References2
CERT
CERT
added 2004/10/13 12:0 a.m.35 views

Microsoft Windows contains buffer overflow in processing of WMF and EMF image files

Overview A vulnerability in the way the Microsoft Windows Graphics Rendering Engine processes certain types of image files could allow an attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats...

10CVSS7.4AI score0.62054EPSS
Exploits8References4
CERT
CERT
added 2004/03/23 12:0 a.m.35 views

util-linux login program discloses sensitive information

Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...

5CVSS6AI score0.03332EPSS
Exploits0References3
CERT
CERT
added 2004/03/09 12:0 a.m.35 views

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the domremap call that allows software to create a virtual memory area VMA with a length of 0 bytes. This...

6.3AI score
Exploits0References8
CERT
CERT
added 2004/03/05 12:0 a.m.35 views

NTP service vulnerable to internal overflow if date / time offset is greater than 34 years

Overview NTP Network TIme Protocol contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time with a reference server. The server wi...

7AI score
Exploits0References3
CERT
CERT
added 2004/02/25 12:0 a.m.35 views

Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media

Overview Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media. Description The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as...

7.5CVSS6AI score0.02272EPSS
Exploits0References2
CERT
CERT
added 2004/02/05 12:0 a.m.35 views

Check Point ISAKMP vulnerable to buffer overflow via Certificate Request

Overview A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol ISAKMP implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAK...

10CVSS7.7AI score0.07623EPSS
Exploits0References9
CERT
CERT
added 2004/02/03 12:0 a.m.35 views

Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression

Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...

8.1AI score
Exploits0References9
CERT
CERT
added 2003/08/26 12:0 a.m.35 views

Microsoft Windows BR549.DLL ActiveX control contains vulnerability

Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...

7.5CVSS7.8AI score0.30387EPSS
Exploits0References8
CERT
CERT
added 2003/08/18 12:0 a.m.35 views

IRISconsole allows login to the "iceadmin" account with incorrect password

Overview SGI IRIS console contains a vulnerability which may allow a local attacker to gain elevated privileges. Description SGI describes IRISconsole as a "central control point that manages and monitors servers and logs their activity." A vulnerability in IRISconsole may allow a local attacker ...

7.5CVSS6.7AI score0.0175EPSS
Exploits0References3
CERT
CERT
added 2003/06/23 12:0 a.m.35 views

Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet

Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...

5CVSS6.6AI score0.02131EPSS
Exploits0References2
CERT
CERT
added 2003/06/10 12:0 a.m.35 views

Sun Java Runtime Environment allows untrusted applets to access information within trusted applets

Overview The Sun Java Runtime Environment JRE contains a vulnerability that may lead to sensitive information being leaked. Description Sun Microsystems describes the Sun JRE as follows:The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets...

7.2AI score
Exploits0References7
CERT
CERT
added 2003/04/30 12:0 a.m.35 views

ScriptLogic sets insecure permissions on "LOGS$" share

Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...

7AI score
Exploits0References1
CERT
CERT
added 2003/03/20 12:0 a.m.35 views

TCP/IP implementations handle unusual flag combinations inconsistently

Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...

7.5CVSS7.4AI score0.03742EPSS
Exploits1References9
CERT
CERT
added 2002/09/27 12:0 a.m.35 views

PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection

Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...

7.8AI score
Exploits0References1
CERT
CERT
added 2002/09/16 12:0 a.m.35 views

X11 vulnerable to buffer overflow in handling of -xrm option

Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...

7.2CVSS6.8AI score0.0046EPSS
Exploits0References4
CERT
CERT
added 2002/08/08 12:0 a.m.35 views

SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function

Overview The XFS journaling filesystem daemon uses a call to popen3 with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...

10CVSS7.3AI score0.03622EPSS
Exploits0References5
CERT
CERT
added 2002/07/29 12:0 a.m.35 views

util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...

6.2CVSS5.8AI score0.00529EPSS
Exploits0References1
CERT
CERT
added 2002/05/08 12:0 a.m.35 views

ISC DHCPD contains format string vulnerability when logging DNS-update requests

Overview The DHCP daemon DHCPD is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon typically root. Description The...

10CVSS7AI score0.31139EPSS
Exploits0References3
CERT
CERT
added 2002/04/30 12:0 a.m.35 views

rpc.rwalld contains remotely exploitable format string vulnerability

Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...

7.5CVSS6.3AI score0.09217EPSS
Exploits1References1
CERT
CERT
added 2002/03/29 12:0 a.m.35 views

Microsoft scriptlet.typlib ActiveX object unsafe for scripting from Internet Explorer

Overview The ActiveX control "scriptlet.typlib" is incorrectly marked "safe for scripting" in Internet Explorer IE versions 4.0 and 5.0, when it is actually unsafe for scripting. Description There exists a vulnerability in the default installation of an ActiveX control named "scriptlet.typlib,"...

5.1CVSS5.6AI score0.22551EPSS
Exploits0References6
CERT
CERT
added 2002/03/29 12:0 a.m.35 views

Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag

Overview Microsoft Internet Explorer IE permits the remote execution of arbitrary commands via the tag. Description A vulnerability exists in the way that Microsoft Internet Explorer IE handles tags. If the CLASSID CLSID is unrecognized, then Internet Explorer will execute arbitrary commands...

7.5CVSS6.7AI score0.11471EPSS
Exploits0References7
CERT
CERT
added 2001/10/19 12:0 a.m.35 views

RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL

Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...

6.6AI score
Exploits0References2
CERT
CERT
added 2001/08/14 12:0 a.m.35 views

TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll

Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...

7.5CVSS7.5AI score0.03364EPSS
Exploits0References2
CERT
CERT
added 2001/07/24 12:0 a.m.35 views

klogd does not adequately handle NULL byte when parsing text using LogLine( )

Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...

5CVSS6.3AI score0.0258EPSS
Exploits0References2
CERT
CERT
added 2001/07/18 12:0 a.m.35 views

Linux kernel does not properly validate user input via sysctl for negative value

Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...

4.6CVSS5.5AI score0.00776EPSS
Exploits0References15
CERT
CERT
added 2001/07/17 12:0 a.m.35 views

Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks

Overview Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...

5CVSS6.6AI score0.04093EPSS
Exploits0References4
CERT
CERT
added 2001/06/15 12:0 a.m.35 views

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...

5CVSS6.4AI score0.66714EPSS
Exploits0References3
CERT
CERT
added 2001/06/08 12:0 a.m.35 views

gpm creates temporary files insecurely

Overview gpm version 1.19.3, which usually runs as root, is vulnerable due to a flaw that allows a local user to exploit a race condition to corrupt files that gpm uses. Description gpm General Purpose Mouse is a program that lets you use the mouse in console mode when not using XWindows. It is...

1.2CVSS5.9AI score0.00298EPSS
Exploits0References5
CERT
CERT
added 2001/05/17 12:0 a.m.35 views

KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password

Overview kdesu is a interactive interface to the substitute user su command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users. Description kdesu communicates with su using a socket, implemented as a file in /tmp with a predictabl...

2.1CVSS6.3AI score0.00362EPSS
Exploits0References6
CERT
CERT
added 2001/05/17 12:0 a.m.35 views

Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests

Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...

5CVSS6.4AI score0.20025EPSS
Exploits0References6
CERT
CERT
added 2000/09/29 12:0 a.m.35 views

statd bounce vulnerability

Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...

7.5CVSS7AI score0.04257EPSS
Exploits0References15
CERT
CERT
added 2000/09/26 12:0 a.m.35 views

Notes default ECL allows execution of unsigned code

Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...

7.5CVSS6.9AI score0.02988EPSS
Exploits1References5
Total number of security vulnerabilities3704