Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
added 2012/11/20 12:0 a.m.69 views

Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers

Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...

9.3CVSS8.2AI score0.08119EPSS
Exploits0References13
CERT
CERT
added 2012/04/24 12:0 a.m.69 views

RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password

Overview RuggedCom Rugged Operating System ROS contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...

8.5CVSS6.2AI score0.49114EPSS
Exploits8References10
CERT
CERT
added 2012/02/20 12:0 a.m.69 views

HP StorageWorks P2000 G3 directory traversal vulnerability

Overview HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which m...

7.8CVSS5.7AI score0.05262EPSS
Exploits0References5
CERT
CERT
added 2008/01/31 12:0 a.m.69 views

Liferay Portal User Profile Greeting stored XSS

Overview Liferay Portal fails to properly validate the User Profile "Greeting" value, which can allow script to execute when a user logs into the portal. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The User Profile "Greeting" value of Liferay Portal...

4.3CVSS6.1AI score0.01338EPSS
Exploits0References2
CERT
CERT
added 2006/08/15 12:0 a.m.69 views

MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls

Overview Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating...

9.4AI score
Exploits0References1
CERT
CERT
added 2005/01/12 12:0 a.m.69 views

Microsoft Windows HTML Help ActiveX control does not adequately validate window source

Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...

5CVSS6.7AI score0.44984EPSS
Exploits1References22
CERT
CERT
added 2002/07/30 12:0 a.m.69 views

OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process

Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system Description Servers running OpenSSL pre-release version 0.9.7 with Kerberos...

9.6AI score
Exploits0References2
CERT
CERT
added 2021/05/24 12:0 a.m.68 views

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are t...

8.8CVSS7.3AI score0.00907EPSS
Exploits1References12
CERT
CERT
added 2020/03/19 12:0 a.m.68 views

Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack

Overview Machine learning models trained using gradient descent can be forced to make arbitrary misclassifications by an attacker that can influence the items to be classified. The impact of a misclassification varies widely depending on the ML model's purpose and of what systems it is a part...

6.6AI score
Exploits0References11
CERT
CERT
added 2016/03/17 12:0 a.m.68 views

Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow

Overview The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2345Solarwinds Dameware Remote Mini Controller is a software for assisting in remote desktop connections for helpdesk support...

10CVSS9.8AI score0.51215EPSS
Exploits4References2
CERT
CERT
added 2013/10/17 12:0 a.m.68 views

Oracle Outside In OS/2 Metafile parser stack buffer overflow

Overview Oracle Outside In contains a stack buffer overflow vulnerability in the OS/2 Metafile parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...

1.5CVSS7AI score0.0047EPSS
Exploits1References2
CERT
CERT
added 2005/02/04 12:0 a.m.68 views

Single crafted HTTP request may result in multiple responses

Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...

4.3CVSS3.2AI score0.29784EPSS
Exploits4References4
CERT
CERT
added 2003/03/17 12:0 a.m.68 views

Buffer Overflow in Core Microsoft Windows DLL

Overview A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0 Terminal Server Edition. This vulnerability, which is being actively exploited on...

7.5CVSS7.2AI score0.86396EPSS
Exploits13References13
CERT
CERT
added 2002/03/11 12:0 a.m.68 views

Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures

Overview There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code. It is important to note that the CERT/CC has...

9.8CVSS9.8AI score0.09511EPSS
Exploits0References8
CERT
CERT
added 2024/07/09 12:0 a.m.67 views

RADIUS protocol susceptible to forgery attacks.

Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating...

9CVSS8.2AI score0.14859EPSS
Exploits2References4
CERT
CERT
added 2022/04/28 12:0 a.m.67 views

Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory...

8.8CVSS8AI score0.00764EPSS
Exploits0
CERT
CERT
added 2020/05/18 12:0 a.m.67 views

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Overview Bluetooth Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to...

5.4CVSS6.9AI score0.02386EPSS
Exploits2References7
CERT
CERT
added 2020/01/31 12:0 a.m.67 views

OpenSMTPD vulnerable to local privilege escalation and remote code execution

Overview Qualys Research Labs found that the smtpmailaddr function in OpenSMTPD version 6.6 does not properly sanitize user input, which could allow a local attacker to escalate their privileges, and allow either a local or remote attacker to execute arbitrary code as root. Description OpenSMTPD ...

10CVSS9.6AI score0.98946EPSS
Exploits27References9
CERT
CERT
added 2016/12/06 12:0 a.m.67 views

BSD libc contains a buffer overflow vulnerability in link_ntoa()

Overview The BSD libc library's linkntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Description CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' - CVE-2016-6559Improper bounds checking of the obuf...

9.8CVSS8.8AI score0.03699EPSS
Exploits1References4
CERT
CERT
added 2016/07/19 12:0 a.m.67 views

Misys FusionCapital Opics Plus contains multiple vulnerabilities

Overview Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' -...

8.5CVSS7.1AI score0.01555EPSS
Exploits0References4
CERT
CERT
added 2015/08/11 12:0 a.m.67 views

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...

9CVSS8.1AI score0.02563EPSS
Exploits0References4
CERT
CERT
added 2014/02/14 12:0 a.m.67 views

Internet Explorer CMarkup use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the...

9.3CVSS8.9AI score0.85239EPSS
Exploits23References8
CERT
CERT
added 2006/03/29 12:0 a.m.67 views

Symantec VERITAS NetBackup Catalog daemon buffer overflow

Overview The NetBackup Catalog daemon contains a stack-based buffer overflow that could allow a remote attacker to execute arbitrary code on a NetBackup master server. Description VERITAS NetBackup Netbackup is a data backup and recovery solution with support for "over the network" backup...

9CVSS7.8AI score0.07927EPSS
Exploits0References4
CERT
CERT
added 2004/08/27 12:0 a.m.67 views

tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling

Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...

5CVSS7.8AI score0.05622EPSS
Exploits0References3
CERT
CERT
added 2004/03/17 12:0 a.m.67 views

OpenSSL contains null-pointer assignment in do_change_cipher_spec() function

Overview OpenSSL contains a null-pointer assignment in the dochangecipherspec function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general...

7.4AI score
Exploits0References3
CERT
CERT
added 2003/09/30 12:0 a.m.67 views

OpenSSL contains integer overflow handling ASN.1 tags (2)

Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose cryptographic library. SSL and TLS are...

5CVSS9.5AI score0.06173EPSS
Exploits0References6
CERT
CERT
added 2002/06/28 12:0 a.m.67 views

Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records

Overview A remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS. Description The buffer overflow occurs in the portion of code that process respons...

7.9AI score
Exploits0References4
CERT
CERT
added 2001/12/20 12:0 a.m.67 views

CrushFTP Server does not adequately filter user input thereby permitting directory traversal

Overview CrushFTP allows access to files outside the FTP root directory through directory traversal. Description CrushFTP is a Java-based FTP server available for Linux, Mac OS, and Windows. CrushFTP can be configured to limit access to files under a designated FTP root directory. However, CrushF...

6AI score
Exploits0References3
CERT
CERT
added 2001/03/31 12:0 a.m.67 views

Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML

Overview A vulnerability exists in Microsoft Internet Explorer that allows a malicious agent to execute arbitrary code when parsing MIME parts in a document. Any user or program that uses vulnerable versions of Internet Explorer to render HTML in a document for example, when browsing a filesystem...

7.5CVSS6.5AI score0.11207EPSS
Exploits0References11
CERT
CERT
added 2016/01/20 12:0 a.m.66 views

ffmpeg and Libav cross-domain information disclosure vulnerability

Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data- CVE-2016-1897...

5.5CVSS5.5AI score0.14621EPSS
Exploits3References2
CERT
CERT
added 2014/05/20 12:0 a.m.66 views

Hanvon facial recognition (Face ID) devices do not authenticate commands

Overview Hanvon facial recognition Face ID devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Description CWE-306: Missing Authentication for Critical FunctionIt has been reported that Hanvon biometr...

8.3CVSS6.5AI score0.01601EPSS
Exploits0References3
CERT
CERT
added 2013/02/01 12:0 a.m.66 views

Oracle Java contains multiple vulnerabilities

Overview Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Oracle Java Runtime Environment JRE allows users to run Java applications in a...

10CVSS8.8AI score0.08103EPSS
Exploits2References5
CERT
CERT
added 2009/07/28 12:0 a.m.66 views

ActiveX controls built with Microsoft ATL fail to properly handle initialization data

Overview ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Active Template Library ATL is a set of C++ classes...

8.3AI score
Exploits0References23
CERT
CERT
added 2007/03/05 12:0 a.m.66 views

Asterisk null pointer dereference remote pre-authentication DoS vulnerability

Overview Asterisk contains a null pointer dereference vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition on a vulnerable system. Description Asterisk is a popular PBX application with VoIP support. Asterisk contains a null pointer dereference...

7.8CVSS5.9AI score0.20274EPSS
Exploits0References7
CERT
CERT
added 2004/03/24 12:0 a.m.66 views

Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections

Overview A race condition exists in Apache 2 HTTP Server that may cause a denial-of-service condition on some platforms. Description Apache HTTP Server versions 2.0.48 and prior contain a race condition in the handling of short-lived connections. According to the Apache anouncement, when using...

7.5CVSS7.3AI score0.11549EPSS
Exploits0References2
CERT
CERT
added 2004/02/03 12:0 a.m.66 views

Apache mod_alias vulnerable to buffer overflow via crafted regular expression

Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...

8.1AI score
Exploits0References9
CERT
CERT
added 2003/12/01 12:0 a.m.66 views

ISC BIND 8 vulnerable to cache poisoning via negative responses

Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...

7.3AI score
Exploits0References4
CERT
CERT
added 2001/08/09 12:0 a.m.66 views

Microsoft Windows NT and 2000 Domain Name Servers allow non-authoritative RRs to be cached by default

Overview Microsoft Domain Name Servers hosted on Windows NT or Windows 2000 Server systems run with permissive DNS cache defaults. This may allow unauthorized remote intruders to redirect sites that rely on the vulnerable DNS servers for legitimate information. Description The Domain Name System,...

5CVSS6.8AI score0.04935EPSS
Exploits0References8
CERT
CERT
added 2016/04/22 12:0 a.m.65 views

HP Data Protector does not perform authentication and contains an embedded SSL private key

Overview The HP Data Protector does not perform user authentication, even when Encrypted Control Communications is enabled, and contains an embedded SSL private key that is shared among all installations. Description CWE-306: Missing Authentication for Critical Function - CVE-2016-2004Data...

9.8CVSS9.6AI score0.94297EPSS
Exploits14References1
CERT
CERT
added 2015/11/20 12:0 a.m.65 views

ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities

Overview Multiple models of ARRIS cable modems contain multiple, deterministically generated backdoor passwords, as well as multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. Description CWE-255: Credentials Management - CVE-2009-5149The 'password of the day'...

9.3CVSS7.4AI score0.02479EPSS
Exploits1References13
CERT
CERT
added 2014/08/07 12:0 a.m.65 views

UEFI EDK2 Capsule Update vulnerabilities

Overview The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description The open source EDK2 project provides a reference implementation of the Unified Extensible Firmware Interface UEFI. Researchers at The MITRE Corporation have discovered...

7.2CVSS7.5AI score0.00587EPSS
Exploits0References3
CERT
CERT
added 2013/06/18 12:0 a.m.65 views

Oracle Javadoc HTML frame injection vulnerability

Overview Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page. Description...

4.3CVSS7.7AI score0.66817EPSS
Exploits1References5
CERT
CERT
added 2003/01/06 12:0 a.m.65 views

Network device drivers reuse old frame buffer data to pad packets

Overview Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices. Description The Ethernet standard IEEE 802.3 specifies a minimum data field si...

5CVSS5AI score0.73006EPSS
Exploits15References4
CERT
CERT
added 2002/04/10 12:0 a.m.65 views

Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length

Overview Intruders may be able to cause the IIS service to fail by sending a particular kind of overly-long URL. Description ISAPI is a programming interface to IIS that can be used to modify or extend the behavior of IIS. Programs written using ISAPI are known as either filters or extension,...

5CVSS5.7AI score0.5329EPSS
Exploits1References1
CERT
CERT
added 2002/03/04 12:0 a.m.65 views

Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes

Overview Various RADIUS servers and clients permit the passing of vendor-specific and user-specific attributes. Several implementations of RADIUS fail to check the Vendor-Length of the Vendor-Specific attribute. It's possible to cause a denial of service against RADIUS servers with a malformed...

5CVSS7.3AI score0.05425EPSS
Exploits0References2
CERT
CERT
added 2002/03/01 12:0 a.m.65 views

Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules

Overview The "netfilter" firewall subsystem included with Linux kernel versions 2.4.x contains a vulnerability that may allow remote attackers to reach hosts that should be protected. Description The "netfilter" subsystem included with Linux kernel versions 2.4.x provides a framework for services...

7.5CVSS6.2AI score0.04894EPSS
Exploits0References4
CERT
CERT
added 2001/09/26 12:0 a.m.65 views

IBM AIX nslookup fails to drop root privileges

Overview The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. Description The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in I...

7.2CVSS6.2AI score0.00418EPSS
Exploits0References2
CERT
CERT
added 2019/10/23 12:0 a.m.64 views

Multiple D-Link routers vulnerable to remote command execution

Overview Multiple D-Link routers are vulnerable to unauthenticated remote command execution. Description Several D-Link routers contain CGI capability that is exposed to users as /applysec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: 1. The...

10CVSS9.6AI score0.99996EPSS
Exploits5References3
CERT
CERT
added 2016/12/13 12:0 a.m.64 views

McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability

Overview McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability. Description According to the reporter, McAfee VirusScan Enterprise for Windows version 8.7i through at least 8.8 patch 7 contains a scriptproxy COM object that is vulnerable to the...

6.8AI score
Exploits0References1
CERT
CERT
added 2015/11/03 12:0 a.m.64 views

Commvault Edge Server deserializes cookie data insecurely

Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...

10CVSS7.7AI score0.04319EPSS
Exploits0References3
Total number of security vulnerabilities3702