3702 matches found
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...
RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password
Overview RuggedCom Rugged Operating System ROS contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...
HP StorageWorks P2000 G3 directory traversal vulnerability
Overview HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which m...
Liferay Portal User Profile Greeting stored XSS
Overview Liferay Portal fails to properly validate the User Profile "Greeting" value, which can allow script to execute when a user logs into the portal. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The User Profile "Greeting" value of Liferay Portal...
MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls
Overview Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating...
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system Description Servers running OpenSSL pre-release version 0.9.7 with Kerberos...
Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure
Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are t...
Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack
Overview Machine learning models trained using gradient descent can be forced to make arbitrary misclassifications by an attacker that can influence the items to be classified. The impact of a misclassification varies widely depending on the ML model's purpose and of what systems it is a part...
Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow
Overview The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2345Solarwinds Dameware Remote Mini Controller is a software for assisting in remote desktop connections for helpdesk support...
Oracle Outside In OS/2 Metafile parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow vulnerability in the OS/2 Metafile parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...
Single crafted HTTP request may result in multiple responses
Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...
Buffer Overflow in Core Microsoft Windows DLL
Overview A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0 Terminal Server Edition. This vulnerability, which is being actively exploited on...
Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures
Overview There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code. It is important to note that the CERT/CC has...
RADIUS protocol susceptible to forgery attacks.
Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating...
Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory...
Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks
Overview Bluetooth Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to...
OpenSMTPD vulnerable to local privilege escalation and remote code execution
Overview Qualys Research Labs found that the smtpmailaddr function in OpenSMTPD version 6.6 does not properly sanitize user input, which could allow a local attacker to escalate their privileges, and allow either a local or remote attacker to execute arbitrary code as root. Description OpenSMTPD ...
BSD libc contains a buffer overflow vulnerability in link_ntoa()
Overview The BSD libc library's linkntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Description CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' - CVE-2016-6559Improper bounds checking of the obuf...
Misys FusionCapital Opics Plus contains multiple vulnerabilities
Overview Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' -...
Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities
Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...
Internet Explorer CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the...
Symantec VERITAS NetBackup Catalog daemon buffer overflow
Overview The NetBackup Catalog daemon contains a stack-based buffer overflow that could allow a remote attacker to execute arbitrary code on a NetBackup master server. Description VERITAS NetBackup Netbackup is a data backup and recovery solution with support for "over the network" backup...
tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
OpenSSL contains null-pointer assignment in do_change_cipher_spec() function
Overview OpenSSL contains a null-pointer assignment in the dochangecipherspec function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general...
OpenSSL contains integer overflow handling ASN.1 tags (2)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose cryptographic library. SSL and TLS are...
Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records
Overview A remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS. Description The buffer overflow occurs in the portion of code that process respons...
CrushFTP Server does not adequately filter user input thereby permitting directory traversal
Overview CrushFTP allows access to files outside the FTP root directory through directory traversal. Description CrushFTP is a Java-based FTP server available for Linux, Mac OS, and Windows. CrushFTP can be configured to limit access to files under a designated FTP root directory. However, CrushF...
Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML
Overview A vulnerability exists in Microsoft Internet Explorer that allows a malicious agent to execute arbitrary code when parsing MIME parts in a document. Any user or program that uses vulnerable versions of Internet Explorer to render HTML in a document for example, when browsing a filesystem...
ffmpeg and Libav cross-domain information disclosure vulnerability
Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data- CVE-2016-1897...
Hanvon facial recognition (Face ID) devices do not authenticate commands
Overview Hanvon facial recognition Face ID devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Description CWE-306: Missing Authentication for Critical FunctionIt has been reported that Hanvon biometr...
Oracle Java contains multiple vulnerabilities
Overview Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Oracle Java Runtime Environment JRE allows users to run Java applications in a...
ActiveX controls built with Microsoft ATL fail to properly handle initialization data
Overview ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Active Template Library ATL is a set of C++ classes...
Asterisk null pointer dereference remote pre-authentication DoS vulnerability
Overview Asterisk contains a null pointer dereference vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition on a vulnerable system. Description Asterisk is a popular PBX application with VoIP support. Asterisk contains a null pointer dereference...
Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
Overview A race condition exists in Apache 2 HTTP Server that may cause a denial-of-service condition on some platforms. Description Apache HTTP Server versions 2.0.48 and prior contain a race condition in the handling of short-lived connections. According to the Apache anouncement, when using...
Apache mod_alias vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
ISC BIND 8 vulnerable to cache poisoning via negative responses
Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...
Microsoft Windows NT and 2000 Domain Name Servers allow non-authoritative RRs to be cached by default
Overview Microsoft Domain Name Servers hosted on Windows NT or Windows 2000 Server systems run with permissive DNS cache defaults. This may allow unauthorized remote intruders to redirect sites that rely on the vulnerable DNS servers for legitimate information. Description The Domain Name System,...
HP Data Protector does not perform authentication and contains an embedded SSL private key
Overview The HP Data Protector does not perform user authentication, even when Encrypted Control Communications is enabled, and contains an embedded SSL private key that is shared among all installations. Description CWE-306: Missing Authentication for Critical Function - CVE-2016-2004Data...
ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities
Overview Multiple models of ARRIS cable modems contain multiple, deterministically generated backdoor passwords, as well as multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. Description CWE-255: Credentials Management - CVE-2009-5149The 'password of the day'...
UEFI EDK2 Capsule Update vulnerabilities
Overview The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description The open source EDK2 project provides a reference implementation of the Unified Extensible Firmware Interface UEFI. Researchers at The MITRE Corporation have discovered...
Oracle Javadoc HTML frame injection vulnerability
Overview Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page. Description...
Network device drivers reuse old frame buffer data to pad packets
Overview Many network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices. Description The Ethernet standard IEEE 802.3 specifies a minimum data field si...
Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length
Overview Intruders may be able to cause the IIS service to fail by sending a particular kind of overly-long URL. Description ISAPI is a programming interface to IIS that can be used to modify or extend the behavior of IIS. Programs written using ISAPI are known as either filters or extension,...
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
Overview Various RADIUS servers and clients permit the passing of vendor-specific and user-specific attributes. Several implementations of RADIUS fail to check the Vendor-Length of the Vendor-Specific attribute. It's possible to cause a denial of service against RADIUS servers with a malformed...
Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules
Overview The "netfilter" firewall subsystem included with Linux kernel versions 2.4.x contains a vulnerability that may allow remote attackers to reach hosts that should be protected. Description The "netfilter" subsystem included with Linux kernel versions 2.4.x provides a framework for services...
IBM AIX nslookup fails to drop root privileges
Overview The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. Description The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in I...
Multiple D-Link routers vulnerable to remote command execution
Overview Multiple D-Link routers are vulnerable to unauthenticated remote command execution. Description Several D-Link routers contain CGI capability that is exposed to users as /applysec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: 1. The...
McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability
Overview McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability. Description According to the reporter, McAfee VirusScan Enterprise for Windows version 8.7i through at least 8.8 patch 7 contains a scriptproxy COM object that is vulnerable to the...
Commvault Edge Server deserializes cookie data insecurely
Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...