Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
•added 2006/05/30 12:0 a.m.•30 views

Symantec products vulnerable to buffer overflow

Overview Symantec products are vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec Client Security and Symantec Antivirus Corporate Edition contain a stack-based buffer overflow. For informati...

10CVSS7AI score0.73558EPSS
Exploits7References5
CERT
CERT
•added 2006/03/14 12:0 a.m.•30 views

Microsoft Office routing slip buffer overflow

Overview Microsoft Office contains a buffer overflow in the parsing of routing slips, which may allow an attacker to execute arbitrary code on a vulnerable system. Description Routing slips According to Microsoft Security Bulletin MS06-012: Microsoft Office applications have the ability to add a...

5.1CVSS7.2AI score0.14205EPSS
Exploits0References2
CERT
CERT
•added 2006/01/11 12:0 a.m.•30 views

Apple QuickTime image handling buffer overflow

Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images QTIF, potentially allowing a heap-based buffer overflow to occur. If ...

7.5CVSS7.5AI score0.25506EPSS
Exploits5
CERT
CERT
•added 2006/01/11 12:0 a.m.•30 views

Apple QuickTime fails to properly handle corrupt media files

Overview Apple QuickTime contains a heap overflow vulnerability in the handling of media files which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows...

7.5CVSS7.3AI score0.08778EPSS
Exploits0References3
CERT
CERT
•added 2005/10/26 12:0 a.m.•30 views

Skype vulnerable to heap-based buffer overflow

Overview A heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Skype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic...

10CVSS7.6AI score0.07295EPSS
Exploits1References3
CERT
CERT
•added 2005/08/10 12:0 a.m.•30 views

Microsoft Windows domain controller denial of service in Kerberos message handling

Overview Microsoft Windows domain controllers do not properly handle some Kerberos messages, potentially allowing a remote, authenticated attacker to cause a denial-of-service condition. Description Microsoft Windows domain controllers running Windows 2000 Server and Server 2003 use the Kerberos...

2.1CVSS6.1AI score0.06521EPSS
Exploits0References1
CERT
CERT
•added 2005/08/04 12:0 a.m.•30 views

Computer Associates BrightStor ARCserve Backup Discovery Service vulnerable to buffer overflow

Overview The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backu...

10CVSS7.5AI score0.69727EPSS
Exploits6References4
CERT
CERT
•added 2005/06/24 12:0 a.m.•30 views

VERITAS Backup Exec remote registry access validation vulnerability

Overview VERITAS Backup Exec contains a remote registry access validation vulnerability. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.An access validation vulnerability in Backup Exec for Windows allows remote attackers to access...

10CVSS6.9AI score0.54155EPSS
Exploits2References7
CERT
CERT
•added 2005/03/30 12:0 a.m.•30 views

Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature

Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic...

2.1CVSS5.8AI score0.00446EPSS
Exploits0References4
CERT
CERT
•added 2005/03/09 12:0 a.m.•30 views

ISC DHCP contains a format string vulnerabilty in errwarn.c

Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...

10CVSS6.5AI score0.07968EPSS
Exploits0References4
CERT
CERT
•added 2005/02/25 12:0 a.m.•30 views

AWStats fails to validate input supplied to pluginmode parameter

Overview AWStats performs inadequate validation on user-controlled data that is supplied to the pluginmode parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays...

7.5CVSS7.1AI score0.01954EPSS
Exploits0References5
CERT
CERT
•added 2005/02/09 12:0 a.m.•30 views

Microsoft Office XP contains buffer overflow vulnerability

Overview A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to...

7.5CVSS7.4AI score0.27489EPSS
Exploits0References1
CERT
CERT
•added 2005/02/08 12:0 a.m.•30 views

Microsoft OLE buffer overflow

Overview A vulnerability in a way that various programs handle OLE objects could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE is a technology that allows applications to create and edit compound documents. Compound documents are those...

7.5CVSS7.4AI score0.33206EPSS
Exploits0References1
CERT
CERT
•added 2005/01/14 12:0 a.m.•30 views

Apple iTunes fails to properly handle overly long URLs in playlists

Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...

7.5CVSS7.5AI score0.69005EPSS
Exploits4References3
CERT
CERT
•added 2004/11/12 12:0 a.m.•30 views

Archive::Zip may not properly parse the file sizes of Zip archives

Overview Archive::Zip does not properly parse Zip files and may incorrectly interpret malformed zip archives to contain zero length/size files. As a a result, anti-virus software using Archive::Zip may fail to detect malicious content within a Zip archive. Description The Archive::Zip module allo...

7.9AI score
Exploits0References3
CERT
CERT
•added 2004/09/16 12:0 a.m.•30 views

cdrecord fails to set proper permissions on programs specified in RSH environment variable

Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...

7.2CVSS6.8AI score0.01725EPSS
Exploits1References3
CERT
CERT
•added 2004/05/03 12:0 a.m.•30 views

Apple QuickTime contains an integer overflow in the "QuickTime.qts" extension

Overview Apple QuickTime contains an integer overflow vulnerability in the "QuickTime.qts" extension, which could result in arbitrary code execution. Description Apple's QuickTime Player is a player that allow users to view local and remote audio/video content. Other applications, such as web...

5.1CVSS7.3AI score0.03243EPSS
Exploits0References5
CERT
CERT
•added 2004/04/14 12:0 a.m.•30 views

Microsoft Windows H.323 implementation fails to handle malformed requests

Overview A vulnerabilities in Microsoft Windows' implementation of the multimedia telephony protocol H.323 could lead to the ability to remotely execute arbitrary code on the system. Description Microsoft Windows' implementation of the H.323 protocol contains a buffer overflow in the handling of...

7.5CVSS7.9AI score0.26377EPSS
Exploits0References1
CERT
CERT
•added 2004/04/14 12:0 a.m.•30 views

Microsoft Windows creates COM object identifiers incorrectly

Overview A vulnerability exists in Microsoft's COM object component. Explotiation of this vulnerability may lead to information disclosure and the ability for an attacker to open services on network communication ports. Description Microsoft's COM object component creates object identifiers in a...

2.6CVSS5.8AI score0.21337EPSS
Exploits0References1
CERT
CERT
•added 2003/10/30 12:0 a.m.•30 views

Avaya Argent Office vulnerable to denial of service via malformed DNS packets

Overview The Avaya Argent Office reboots in response to certain malformed DNS packets, resulting in a denial of service condition. Description The Avaya Argent Office reboots when a packet with an empty payload is sent to UDP port 53 DNS on its internal interface. By sending repeated packets to...

6.9AI score
Exploits0
CERT
CERT
•added 2003/10/29 12:0 a.m.•30 views

ProFTPD fails to properly handle newline characters when transferring files in ASCII mode

Overview ProFTPD is a popular free File Transfer Protocol FTP server package. A vulnerability in its handling of files transferred in ASCII mode can allow an attacker to compromise the system running the server. Description The File Transfer Protocol FTP described in RFC959 defines operations for...

9CVSS7.6AI score0.55119EPSS
Exploits0References2
CERT
CERT
•added 2003/10/03 12:0 a.m.•30 views

SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packet

Overview SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server. Description SSH Communications' Secure Shell contains a vulnerability in the decoding ...

8.9AI score
Exploits0References2
CERT
CERT
•added 2003/09/15 12:0 a.m.•30 views

Microsoft Visual Basic for Applications (VBA) does not adequately validate document properties

Overview Microsoft Visual Basic for Applications VBA contains a buffer overflow when validating document properties. This vulnerability could allow an attacker to execute arbitrary code with the privileges of the user running VBA. Description From Microsoft Security Bulletin MS03-037:Microsoft VB...

10CVSS7.3AI score0.54873EPSS
Exploits1References5
CERT
CERT
•added 2003/09/15 12:0 a.m.•30 views

MySQL fails to validate length of password field

Overview A vulnerability in MySQL could permit a malicious user to execute arbitrary code on the system. Description MySQL is a database system. MySQL contains a buffer overflow vulnerability in the processing of the password field of the MySQL database, specifically "SET PASSWORD". A malicious...

9CVSS7.2AI score0.74577EPSS
Exploits1References2
CERT
CERT
•added 2003/08/25 12:0 a.m.•30 views

Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element

Overview Microsoft Internet Explorer IE will execute an HTML Application HTA referenced by the DATA attribute of an OBJECT element if the Content-Type header returned by the web server is set to "application/hta". An attacker could exploit this vulnerability to execute arbitrary code with the...

7.3AI score
Exploits0References26
CERT
CERT
•added 2003/06/04 12:0 a.m.•30 views

Sun Ray Smartcard reader may leave desktop session open when card is quickly removed

Overview The Sun Ray Smartcard reader fails to properly detect a "quick removal, reinsertion and removal of a Smartcard." Description The Sun Ray is a thin client computing device designed to process user input and output, and provide access to computing services hosted by a server. Authenticatio...

6.9AI score
Exploits0References3
CERT
CERT
•added 2003/05/20 12:0 a.m.•30 views

GnuPG contains flaw in key validation code

Overview A vulnerability in GnuPG may cause keys with multiple user ID's to give other user IDs on the key a false amount of validity. Description From the GnuPG homepage:GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data...

10CVSS5.9AI score0.06558EPSS
Exploits0References4
CERT
CERT
•added 2003/05/04 12:0 a.m.•30 views

pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions

Overview A vulnerability exists in pamxauth that may allow a local attacker to gain access to an administrator's X session. Description pamxauth is used to forward xauth keys or cookies between users. From the pamxauth man page:Without pamxauth, when xauth is enabled and a user uses the su comman...

7.2CVSS6AI score0.00431EPSS
Exploits0References3
CERT
CERT
•added 2003/04/24 12:0 a.m.•30 views

Buffer Overflow in URLMON.DLL

Overview A buffer overflow in URLMON.DDL may allow an intruder to execute arbitrary code. Description URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit ...

7.5CVSS8AI score0.39367EPSS
Exploits0References2
CERT
CERT
•added 2003/04/01 12:0 a.m.•30 views

Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs

Overview Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. A flaw in the version for Windows could allow a remote attacker to execute arbitrary code on a...

7.5CVSS7.2AI score0.09281EPSS
Exploits1References1
CERT
CERT
•added 2002/12/11 12:0 a.m.•30 views

Cobalt RaQ Server Appliances contains vulnerability allowing remote root compromise

Overview A remotely exploitable vulnerability exists in Cobalt RaQ Server Appliances with the Security Hardening Package SHP installed. Description The Cobalt RaQ is a Sun Server Appliance. Sun describes the Cobalt RaQ as follows:The Cobalt RaQTM4 is a server appliance that provides a dedicated...

10CVSS7.6AI score0.11873EPSS
Exploits0References9
CERT
CERT
•added 2002/11/20 12:0 a.m.•30 views

Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request

Overview A vulnerability in the Microsoft Data Access Components MDAC could lead to remote execution of code with the privileges of the current process, or user. Description Microsoft Data Access Components MDAC is a collection of utilities and routines to process requests between databases and...

7.5CVSS7.4AI score0.76004EPSS
Exploits5References4
CERT
CERT
•added 2002/10/11 12:0 a.m.•30 views

Microsoft Java implementation allows execution of malicious code

Overview A class in Microsoft's Java virtual machine VM does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and xp. It is used by Internet Explorer and...

7.5CVSS7.1AI score0.19841EPSS
Exploits0References2
CERT
CERT
•added 2002/09/27 12:0 a.m.•30 views

Microsoft Word does not adequately validate macros embedded within malformed Word documents

Overview There is a vulnerability caused by a failure to detect macros embedded in Microsoft Word documents. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description Microsoft Word versions including Word 2002,...

4.6CVSS7.1AI score0.01668EPSS
Exploits0References1
CERT
CERT
•added 2002/06/25 12:0 a.m.•30 views

Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter

Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...

7.5CVSS6.1AI score0.13893EPSS
Exploits0References4
CERT
CERT
•added 2002/06/07 12:0 a.m.•30 views

tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets

Overview A vulnerability exists in tcpdump that could allow an attacker to execute arbitrary code with the privileges of tcpdump, typically root. Description tcpdump is a widely-used network sniffer that is capable of decoding AFS traffic. A buffer overflow vulnerability has been discovered in...

7.5CVSS7.9AI score0.04784EPSS
Exploits0References4
CERT
CERT
•added 2002/05/16 12:0 a.m.•30 views

Nortel Networks CVX 1800 discloses privileged information

Overview The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. Description The CVX 1800 Multi-Service Access Switch is a large modem bank typically used by large carriers and ISP's. When the CVX 1800 is queried with a specially crafted snmpwalk, it will respon...

7.5CVSS6.3AI score0.19903EPSS
Exploits1References3
CERT
CERT
•added 2002/04/10 12:0 a.m.•30 views

Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages

Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...

7.5CVSS6AI score0.31027EPSS
Exploits0References2
CERT
CERT
•added 2002/01/31 12:0 a.m.•30 views

Novell Groupwise contains protocol implementation vulnerability allowing email to be viewed by unauthorized user

Overview Novell GroupWise is an email storage program. Email is encrypted when stored. Usernames and passwords can be acquired by sniffing communications between the client and server. Description In Novell GroupWise email is stored as encrypted data. Clients and servers operating in Live Remote ...

5CVSS5.9AI score0.01869EPSS
Exploits0References3
CERT
CERT
•added 2001/12/04 12:0 a.m.•30 views

OpenSSH UseLogin directive permits privilege escalation

Overview OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is configured with the UseLogin directive equal to "yes", an intruder can execute arbitrary code with the privileges of OpenSSH, usually root. Description OpenSSH contains a vulnerability that permits an intruder to...

7.5AI score
Exploits0References3
CERT
CERT
•added 2001/11/29 12:0 a.m.•30 views

WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Overview WU-FTPD contains a format string vulnerability that manifests when WU-FTPD is configured to use RFC 931 authentication and is run in debug mode. A crafted identd response could be used to execute arbitrary code on a vulnerable server. Description A format string vulnerability exists in t...

10CVSS7.4AI score0.05669EPSS
Exploits1References3
CERT
CERT
•added 2001/11/19 12:0 a.m.•30 views

Compaq web-enabled management software buffer overflow vulnerability

Overview The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems. Description The Compaq...

4.6CVSS7.3AI score0.00405EPSS
Exploits0References4
CERT
CERT
•added 2001/11/15 12:0 a.m.•30 views

BIND memcpy not bounded in case T_SIG of rrextract()

Overview Version 8.2.2 of BIND current circa November 1999 contained a buffer overflow in the routine that converts records from network format to database format. Description Version 8.2.2 of BIND includes some checks for the correct format of a signature record in DNSSEC that previous versions...

10CVSS6.8AI score0.01456EPSS
Exploits0References3
CERT
CERT
•added 2001/11/15 12:0 a.m.•30 views

HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)

Overview msgchk, a part of the MH mail system, reportedly suffers from a buffer overflow with respect to the name of the inbox to be checked for new mail. This overflow would allow the user of msgchk to execute arbitrary code. Description msgchk is the portion of the MH mail system that checks fo...

7.2CVSS7.8AI score0.01306EPSS
Exploits1References1
CERT
CERT
•added 2001/10/26 12:0 a.m.•30 views

OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output

Overview The pseudorandom number generator PRNG in OpenSSL has a weakness that allows an attacker to determine its internal state and subsequently determine its future output values. Description OpenSSL's PRNG hashes an internal state to produce output values, which are supposed to be pseudorando...

5CVSS6AI score0.04988EPSS
Exploits0References2
CERT
CERT
•added 2001/10/16 12:0 a.m.•30 views

lpd allows options to be passed to sendmail

Overview The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. Description The line printer daemon enables various clients to share printers over a network. There exists a...

7.2CVSS6.1AI score0.00368EPSS
Exploits0References3
CERT
CERT
•added 2001/10/09 12:0 a.m.•30 views

SCO OpenServer/UnixWare vi creates temporary files insecurely

Overview The implementation of vi, a text editor, provided with SCO Openunix creates insecure temporary files with predictable names. Using a symbolic link attack, an intruder can overwrite any file writable by the user of vi. Description vi is a screen-oriented text editor. The implementation...

3.7CVSS6.3AI score0.00424EPSS
Exploits1References2
CERT
CERT
•added 2001/09/20 12:0 a.m.•30 views

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set

Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...

7.5CVSS7.3AI score0.02514EPSS
Exploits1References3
CERT
CERT
•added 2001/08/27 12:0 a.m.•30 views

Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.

Overview Cayman gateways vulnerable to a denial of service via oversized ICMP echo ping requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...

5CVSS6.4AI score0.02526EPSS
Exploits0References1
CERT
CERT
•added 2001/06/01 12:0 a.m.•30 views

Hewlett-Packard MPE/iX NM Debug does not always handle breakpoints correctly

Overview There is a problem in the NM Debug facility of MPE/iX that allows users to gain unauthorized privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...

7.2CVSS6.2AI score0.00509EPSS
Exploits0
Total number of security vulnerabilities3702