Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2010/12/01 12:0 a.m.•34 views

ISC BIND named validator vulnerability

Overview ISC BIND named contains a vulnerability where under certain situations it could incorrectly mark zone data as insecure. Description According to ISC:named, acting as a DNSSEC validator, was determining if an NS RRset is insecure based on a value that could mean either that the RRset is...

6.4CVSS8.4AI score0.14503EPSS
Exploits0References2
CERT
CERT
•added 2010/11/26 12:0 a.m.•34 views

Microsoft Windows RtlQueryRegistryValues() does not adequately validate registry data

Overview Microsoft Windows does not adequately validate registry data read using the function RtlQueryRegistryValues. By modifying an EUDC registry key value, a local user could execute arbitrary code with SYSTEM privileges. Description Microsoft Windows supports end-user-defined characters EUDC ...

7.5AI score
Exploits0References7
CERT
CERT
•added 2010/10/04 12:0 a.m.•34 views

ActiveCollab permissions failure

Overview An authenticated user can view and delete projects or files that they are not assigned to. Description An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. Specific fields...

6CVSS6.3AI score0.01521EPSS
Exploits0References2
CERT
CERT
•added 2010/09/14 12:0 a.m.•34 views

Adobe Flash unspecified code execution vulnerability

Overview Adobe Flash contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory...

9.3CVSS7.6AI score0.15621EPSS
Exploits1References2
CERT
CERT
•added 2010/02/09 12:0 a.m.•34 views

Panda Security ActiveScan fails to properly validate downloaded software

Overview Panda ActiveScan fails to properly validate downloaded software, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Panda ActiveScan is an online scanner that is reported to detect malware, vulnerabilities, and unknown threats...

9.3CVSS6.8AI score0.05743EPSS
Exploits0References3
CERT
CERT
•added 2008/10/07 12:0 a.m.•34 views

Gear Software CD DVD Filter driver privilege escalation vulnerability

Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...

7.2CVSS6.9AI score0.00424EPSS
Exploits2References4
CERT
CERT
•added 2008/06/06 12:0 a.m.•34 views

HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion

Overview The HP Online Support Services ActiveX control contains a method called DeleteSingleFile. This may allow a remote, unauthenticated attacker to remove files from a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...

5.4AI score
Exploits0References2
CERT
CERT
•added 2008/05/30 12:0 a.m.•34 views

OpenSSL Server Name extension Denial of Service

Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way server name extension data is handled that may result in a denial of service. According to OpenSSL Security Advisory 28-Mar-2008:If...

4.3CVSS8.1AI score0.04559EPSS
Exploits1References4
CERT
CERT
•added 2008/05/27 12:0 a.m.•34 views

Creative Software AutoUpdate Engine ActiveX stack buffer overflow

Overview The Creative Labs AutoUpdate Engine ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Creative Software AutoUpdate Engine ActiveX control is a component that provides...

9.3CVSS6.8AI score0.41231EPSS
Exploits5References1
CERT
CERT
•added 2008/05/27 12:0 a.m.•34 views

Foxit Reader buffer overflow vulnerability

Overview Foxit Reader contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Foxit Reader is a PDF reader that is available on multiple operating systems.From the Secuia Research advisory Foxit Reader "util.printf" Buffer Overflow: S ecunia...

9.3CVSS7.7AI score0.22693EPSS
Exploits3References3
CERT
CERT
•added 2008/03/19 12:0 a.m.•34 views

X.Org PCF font parser buffer overflow

Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...

7.5CVSS8.8AI score0.05108EPSS
Exploits0References1
CERT
CERT
•added 2008/03/11 12:0 a.m.•34 views

RealNetworks RealPlayer ActiveX controls property heap memory corruption

Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...

9.3CVSS6.7AI score0.4595EPSS
Exploits6References5
CERT
CERT
•added 2008/03/06 12:0 a.m.•34 views

Mozilla Thunderbird external-body MIME type buffer overflow

Overview Mozilla Thunderbird contains a heap-based buffer overflow which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird is an open source, cross-platform email and news client. Thunderbird uses Multipurpose Internet...

7.5CVSS7.1AI score0.06049EPSS
Exploits1References3
CERT
CERT
•added 2008/01/08 12:0 a.m.•34 views

Microsoft Windows LSASS privilege escalation vulnerability

Overview The Windows LSASS service contains privilege escalation vulnerability. Description The Windows Local Security Authority Subsystem Service LSASS is a process that enforces the local security policy. Per Microsoft Security Bulletin MS08-002: An elevation of privilege vulnerability exists i...

7.2CVSS6.5AI score0.02571EPSS
Exploits1References3
CERT
CERT
•added 2007/11/16 12:0 a.m.•34 views

RealNetworks player "Lyrics3" buffer overflow

Overview Multiple RealNetworks media players contain a buffer overflow which could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These...

9.3CVSS7.5AI score0.07729EPSS
Exploits0References3
CERT
CERT
•added 2007/10/13 12:0 a.m.•34 views

Cisco IOS LPD buffer overflow vulnerability

Overview The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition . Description The Cisco IOS includes support for the UNIX Line Printer Daemon...

9.3CVSS7.7AI score0.14682EPSS
Exploits1References5
CERT
CERT
•added 2007/09/11 12:0 a.m.•34 views

Microsoft Agent fails to properly handle specially crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

9.3CVSS6.4AI score0.57217EPSS
Exploits6References4
CERT
CERT
•added 2007/08/14 12:0 a.m.•34 views

IBM and Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures

Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

5.8CVSS6.8AI score0.0264EPSS
Exploits1References4
CERT
CERT
•added 2007/07/12 12:0 a.m.•34 views

Flash Player information disclosure vulnerability

Overview The Adobe Flash player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers. Description Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems.The Adobe Flash...

6.8CVSS5.6AI score0.04958EPSS
Exploits0References8
CERT
CERT
•added 2007/06/25 12:0 a.m.•34 views

Apple Safari cross-domain HTTP redirection race condition

Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...

4.3CVSS5.4AI score0.02551EPSS
Exploits1References5
CERT
CERT
•added 2007/06/20 12:0 a.m.•34 views

Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences

Overview A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code. Description Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a messages...

9.3CVSS6.2AI score0.06228EPSS
Exploits0References3
CERT
CERT
•added 2007/06/14 12:0 a.m.•34 views

Microsoft Windows Secure Channel integer underflow

Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel Schannel security package implements standard network authentication protocols Secure Sockets Layer SSL and Transport Layer Security...

9.3CVSS6.1AI score0.12544EPSS
Exploits0References3
CERT
CERT
•added 2007/06/12 12:0 a.m.•34 views

Microsoft Speech API ActiveX controls contain buffer overflows

Overview The Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls contain multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Speech API is a software package that provides text-to-spee...

9.3CVSS7AI score0.57521EPSS
Exploits5References2
CERT
CERT
•added 2007/06/05 12:0 a.m.•34 views

E-Book Systems FlipViewer ActiveX control stack buffer overflows

Overview The E-Book Systems FlipViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description E-Book Systems FlipViewer is software for viewing "FlipBooks." FlipViewer includes an...

9.3CVSS7.1AI score0.3372EPSS
Exploits3References2
CERT
CERT
•added 2007/03/22 12:0 a.m.•34 views

McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability

Overview A vulnerability in an ActiveX control provided with the McAfee ePolicy Orchestrator and ProtectionPilot software could allow a remote attacker to execute arbitrary code on an affected system. Description The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are design...

9.3CVSS7.3AI score0.07729EPSS
Exploits8References11
CERT
CERT
•added 2007/03/19 12:0 a.m.•34 views

Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles

Overview The Takebishi Electric DeviceXPlorer OPC server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control...

10CVSS7.1AI score0.09055EPSS
Exploits0References4
CERT
CERT
•added 2007/03/05 12:0 a.m.•34 views

WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php

Overview WordPress fails to properly sanitize input to the iz parameter in wp-includes/theme.php, which could allow a remote, unauthenticated attacker to execute arbitrary commands. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...

7.5CVSS6.6AI score0.27006EPSS
Exploits2References4
CERT
CERT
•added 2007/01/18 12:0 a.m.•34 views

Mozilla JavaScript Engine multiple memory corruption vulnerabilities

Overview Several vulnerabilities exists in the Mozilla JavaScript Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla JavaScript Engine contains multiple vulnerabilities that may result in memory corruption. According to the Mozilla Foundation Securi...

6.8CVSS7.6AI score0.04292EPSS
Exploits0References22
CERT
CERT
•added 2007/01/12 12:0 a.m.•34 views

Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...

6.8CVSS5.7AI score0.05638EPSS
Exploits1References2
CERT
CERT
•added 2007/01/09 12:0 a.m.•34 views

Microsoft Excel fails to properly handle malformed IMDATA records

Overview A vulnerability in the way that Microsoft Excel handles malformed image records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate the size of IMDATA records. When a file containing a malformed IMDATA record is...

9.3CVSS7AI score0.3117EPSS
Exploits0References4
CERT
CERT
•added 2006/12/20 12:0 a.m.•34 views

Mozilla mail products vulnerable to heap buffer overflow via Content-Type headers

Overview Mozilla mail products contain a heap buffer overflow vulnerability in the way they process Content-Type headers. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird and SeaMonkey contain a buffer overflow...

6.8CVSS7.4AI score0.04208EPSS
Exploits0References6
CERT
CERT
•added 2006/11/30 12:0 a.m.•34 views

Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available

Overview Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted. Description Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections...

5CVSS6.1AI score0.01724EPSS
Exploits2References2
CERT
CERT
•added 2006/10/24 12:0 a.m.•34 views

Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...

9CVSS7.1AI score0.0302EPSS
Exploits0References3
CERT
CERT
•added 2006/10/24 12:0 a.m.•34 views

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

7.1CVSS6.9AI score0.03844EPSS
Exploits0References4
CERT
CERT
•added 2006/09/27 12:0 a.m.•34 views

Cisco IOS contains buffer overflow in VTP VLAN name handling

Overview Cisco IOS fails to properly handle specially crafted VTP summary advertisement with overly long VLAN name. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP...

7.5CVSS7.6AI score0.07365EPSS
Exploits0References4
CERT
CERT
•added 2006/08/08 12:0 a.m.•34 views

Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets

Overview Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets CSS. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CSS is a mechanism for adding style to web documents. Microsoft Internet Explorer contains a vulnerabili...

7.5CVSS6.9AI score0.41215EPSS
Exploits0References4
CERT
CERT
•added 2006/08/01 12:0 a.m.•34 views

Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"

Overview Certain Mozilla products contain a cross-site scripting vulnerability because of a vulnerability in the XPCNativeWrapper function. Description XPCNativeWrapper Per Mozilla, XPCNativeWrapper is a way to wrap up an object so that it is safe to access from privileged code. It is used to all...

6.8CVSS5.9AI score0.03314EPSS
Exploits0References5
CERT
CERT
•added 2006/06/02 12:0 a.m.•34 views

Mozilla contains a buffer overflow vulnerability in crypto.signText()

Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...

5CVSS7AI score0.04907EPSS
Exploits0References5
CERT
CERT
•added 2006/04/11 12:0 a.m.•34 views

Microsoft Internet Explorer fails to handle specially crafted, invalid HTML

Overview Microsoft Internet Explorer IE fails to properly handle malformed HTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IE fails to properly handle specially crafted HTML. When a specially crafted, malformed HTML file is opened...

7.5CVSS6.7AI score0.70001EPSS
Exploits0References1
CERT
CERT
•added 2006/04/11 12:0 a.m.•34 views

Microsoft Internet Explorer contains overflow in processing script action handlers

Overview A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system. Description A programming error in the way that Internet Explorer handles multiple event handlers in an HTML elemen...

7.5CVSS7AI score0.61821EPSS
Exploits1References2
CERT
CERT
•added 2006/02/28 12:0 a.m.•34 views

Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability

Overview The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Shockwave Player Adobe Macromedia Shockwave Player is software that plays active web content...

9.3CVSS7.4AI score0.1923EPSS
Exploits0References4
CERT
CERT
•added 2006/01/19 12:0 a.m.•34 views

Oracle Transparent Data Encryption master encryption key stored as plaintext

Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...

10CVSS5.5AI score0.04863EPSS
Exploits0References3
CERT
CERT
•added 2006/01/11 12:0 a.m.•34 views

Apple QuickTime fails to properly handle corrupt TGA images

Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa TGA image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...

7.5CVSS7.8AI score0.25506EPSS
Exploits5References2
CERT
CERT
•added 2005/12/06 12:0 a.m.•34 views

Perl contains an integer sign error in format string processing

Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...

4.6CVSS8.4AI score0.01374EPSS
Exploits2References2
CERT
CERT
•added 2005/09/09 12:0 a.m.•34 views

mod_ssl fails to properly enforce client certificates authentication

Overview modssl, the Apache web server module for Secure Socket Layer SSL communications, may not properly authenticate client certificates. Description modssl provides Secure Socket Layer SSL communications for the Apache web server. SSL is designed to provide the ability to encrypt and...

10CVSS9.2AI score0.30576EPSS
Exploits0References10
CERT
CERT
•added 2005/08/17 12:0 a.m.•34 views

Apple Safari fails to perform security checks on links in rich text content

Overview Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Description Mac OS X includes the Safari web browser, which can display rich text RTF files directly. When Safari opens a ri...

7.5CVSS9.4AI score0.04767EPSS
Exploits0References2
CERT
CERT
•added 2005/08/15 12:0 a.m.•34 views

Novell eDirectory iMonitor vulnerable to buffer overflow

Overview Novell eDirectory iMonitor contains a buffer overflow that can be remotely exploited to allow execution of arbitrary code or crash an affected system. Description Novell eDirectory iMonitor is a service for monitoring servers in an eDirectory installation. A buffer overflow exists in...

7.5CVSS7.3AI score0.55424EPSS
Exploits7References5
CERT
CERT
•added 2005/08/03 12:0 a.m.•34 views

Computer Associates BrightStor ARCserve Backup Agents vulnerable to buffer overflow

Overview Several Computer Associates BrightStor ARCserve Backup Agents contain a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. Backup Agents are availabl...

7.5CVSS7.7AI score0.66121EPSS
Exploits8References11
CERT
CERT
•added 2005/07/12 12:0 a.m.•34 views

Microsoft Color Management Module buffer overflow during profile tag validation

Overview Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code. Description The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and...

7.5CVSS6.8AI score0.49922EPSS
Exploits4References3
CERT
CERT
•added 2005/06/14 12:0 a.m.•34 views

Microsoft Outlook Express vulnerable to remote code execution

Overview A vulnerability in Microsoft Outlook Express's NNTP response parsing may allow an attacker to execute arbitrary code. Description Microsoft Outlook Express contains support for Network News Transfer Protocol NNTP data, which is defined in RFC 977 and RFC 2980. A flaw in Outlook Express'...

7.5CVSS7.1AI score0.73961EPSS
Exploits8References2
Total number of security vulnerabilities3704