Lucene search
K

3704 matches found

CERT
CERT
added 2006/10/09 12:0 a.m.24 views

AOL YGP Pic Downloader Plugin ActiveX control buffer overflow

Overview The AOL YGP Pic Downloader ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP You've Got Pictures Pic Downloader ActiveX control is a component that comes...

7.5CVSS7.3AI score0.05857EPSS
Exploits0References6
CERT
CERT
added 2006/10/09 12:0 a.m.27 views

AOL YGP Screensaver ActiveX control buffer overflow

Overview The AOL YGP Screensaver ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP You've Got Pictures Screensaver ActiveX control is a component that comes with AO...

7.5CVSS7.4AI score0.04523EPSS
Exploits0References2
CERT
CERT
added 2006/10/06 12:0 a.m.29 views

Skype for Mac contains a format string error in the handling of URI arguments

Overview Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a format string vulnerabilit...

7.5CVSS7AI score0.15737EPSS
Exploits0References3
CERT
CERT
added 2006/10/05 12:0 a.m.21 views

Linksys WRT54G routers do not properly validate user credentials

Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...

7.1AI score
Exploits0References2
CERT
CERT
added 2006/10/05 12:0 a.m.28 views

McAfee HTTP Server vulnerable to buffer overflow

Overview A stack-based buffer overflow exists in the McAfee HTTP server that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The McAfee HTTP server NAISERV.exe is used in McAfee products, such as McAfee ePolicy Orchestrator and Protection Pilot. The McAfee HTTP...

8.1AI score
Exploits0References2
CERT
CERT
added 2006/10/04 12:0 a.m.53 views

OpenSSH fails to properly handle multiple identical blocks in a SSH packet

Overview OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol. OpenSSH includes a cyclic redundancy check CRC...

7.8CVSS7.8AI score0.34666EPSS
Exploits1References15
CERT
CERT
added 2006/10/04 12:0 a.m.73 views

OpenSSH contains a race condition vulnerability

Overview A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol.The OpenSSH server includes the...

9.3CVSS8.6AI score0.44963EPSS
Exploits7References12
CERT
CERT
added 2006/10/02 12:0 a.m.26 views

Apple Mac OS X JPEG2000 image handling buffer overflow

Overview Apple Mac OS X fails to properly handle JPEG2000 files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple ImageIO is an image processing framework that was introduced in OS X 10.4 Tiger...

5.1CVSS7.6AI score0.06117EPSS
Exploits0References2
CERT
CERT
added 2006/10/02 12:0 a.m.38 views

Apple Workgroup Manager fails to properly enable ShadowHash passwords

Overview Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Description Workgroup Manager is a system adimistration tool in Apple Mac OS X Server that manages users, groups, and...

2.1CVSS6.1AI score0.00975EPSS
Exploits0References2
CERT
CERT
added 2006/10/02 12:0 a.m.27 views

Apple Mac OS X may allow network accounts to bypass service access controls

Overview Apple Mac OS X may allow network accounts to bypass service access controls. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Description Remote access to a system can be restricted by service access controls via...

7.5CVSS6.1AI score0.03354EPSS
Exploits0References2
CERT
CERT
added 2006/10/02 12:0 a.m.38 views

Apple QuickDraw Manager fails to properly handle malicious PICT images

Overview A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. Description From Apple,Certain applications invoke an unsupported QuickDraw operatio...

5.1CVSS7.3AI score0.02794EPSS
Exploits0References3
CERT
CERT
added 2006/10/02 12:0 a.m.37 views

Apple kernel exception handling vulnerability

Overview Apple Mac OS X may be vulnerable to privilege escalation via the Mach exception ports in the kernel. This vulnerability may allow a local user to execute arbitrary code with elevated privileges. Description Mach 3.0 is an open source microkernel used by Mac OS X that provides memory...

7.2CVSS6.8AI score0.01534EPSS
Exploits5References3
CERT
CERT
added 2006/09/29 12:0 a.m.32 views

FileCOPA FTP server vulnerable to buffer overflow

Overview There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code. Description FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers.There is a buffer overflow vulnerability in the FileCOPA FTP servi...

6.4CVSS7.8AI score0.05251EPSS
Exploits0References3
CERT
CERT
added 2006/09/28 12:0 a.m.43 views

Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol

Overview Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP provides the ability to manage the addition, deletion,...

7.8CVSS6.1AI score0.04752EPSS
Exploits0References4
CERT
CERT
added 2006/09/28 12:0 a.m.93 views

OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow

Overview A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system. Description The OpenSSL toolkit implements the Secure Sockets Layer SSL versions 2 and 3 and Transport Layer Security TLS version 1 protocols as well as a...

4CVSS8.1AI score0.02145EPSS
Exploits0References33
CERT
CERT
added 2006/09/28 12:0 a.m.60 views

OpenSSL SSLv2 client code fails to properly check for NULL

Overview A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Description The OpenSSL toolkit implements the Secure Sockets Layer SSL versions 2 and 3 and Transport Layer Security TLS version 1 protocols as well as a general purpose...

10CVSS8.4AI score0.05706EPSS
Exploits0References6
CERT
CERT
added 2006/09/28 12:0 a.m.40 views

OpenSSL may fail to properly parse invalid ASN.1 structures

Overview A vulnerability in OpenSSL may allow an attacker to create a denial-of-service condition. Description OpenSSL is an Open Source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols.When parsing certain invalid ASN.1 structures, OpenSSL...

7.8CVSS8.5AI score0.10629EPSS
Exploits1References15
CERT
CERT
added 2006/09/28 12:0 a.m.51 views

X.509 certificate verification may be vulnerable to resource exhaustion

Overview Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Description Included in X.509 certificates are public keys used for digital signature...

8.5AI score
Exploits0References12
CERT
CERT
added 2006/09/27 12:0 a.m.28 views

Roller Weblogger contains a cross-site scripting vulnerability

Overview A cross-site scripting vulnerability in Roller Weblogger may allow an attacker to read or modify data in web pages and cookies. Description There is a cross-site scripting vulnerability in the way that Roller handles data supplied in the comments section of a web page running the Roller...

4.3CVSS5.4AI score0.02467EPSS
Exploits0References2
CERT
CERT
added 2006/09/27 12:0 a.m.34 views

Cisco IOS contains buffer overflow in VTP VLAN name handling

Overview Cisco IOS fails to properly handle specially crafted VTP summary advertisement with overly long VLAN name. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP...

7.5CVSS7.6AI score0.07365EPSS
Exploits0References4
CERT
CERT
added 2006/09/27 12:0 a.m.40 views

Microsoft PowerPoint fails to properly handle malformed records

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...

9.3CVSS6.8AI score0.12458EPSS
Exploits4References3
CERT
CERT
added 2006/09/27 12:0 a.m.35 views

Microsoft Windows WebViewFolderIcon ActiveX integer overflow

Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...

9.3CVSS6.9AI score0.63817EPSS
Exploits9References11
CERT
CERT
added 2006/09/27 12:0 a.m.33 views

Cisco IOS fails to properly verify the VTP configuration revision number

Overview Cisco IOS fails to properly verify the VTP configuration revision number. This vulnerability may allow a remote, unauthenticated attacker to prevent changes to the VLAN database from being properly propagated throughout the VTP domain. Description Cisco's VLAN Trunking Protocol VTP...

7.8CVSS6AI score0.04752EPSS
Exploits0References5
CERT
CERT
added 2006/09/22 12:0 a.m.18 views

Cisco Intrusion Prevention System administration interface fails to properly handle Secure Socket Layer packets

Overview The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Description According to Cisco Security Advisory...

5CVSS6.7AI score0.03511EPSS
Exploits0References6
CERT
CERT
added 2006/09/22 12:0 a.m.29 views

Apple AirPort wireless drivers fails to properly handle scan cache updates

Overview An heap buffer overflow exists in the Apple AirPort wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description Apple AirPort drivers contain a heap buffer overflow in the code that...

7.2CVSS7.5AI score0.00562EPSS
Exploits0References2
CERT
CERT
added 2006/09/22 12:0 a.m.31 views

Apple AirPort wireless vulnerable to buffer overflow

Overview Two buffer overflow vulnerabilities exist in Apple AirPort wireless drivers. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description According to Apple:Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed...

7.2CVSS7.5AI score0.01453EPSS
Exploits0References2
CERT
CERT
added 2006/09/22 12:0 a.m.38 views

Apple AirPort wireless drivers vulnerable to integer overflow

Overview An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description According to Apple,An integer overflow exists in the AirPort wireless...

7.2CVSS7.7AI score0.00497EPSS
Exploits0References2
CERT
CERT
added 2006/09/20 12:0 a.m.17 views

Cisco IPS fails to properly check fragmented IP packets

Overview Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. Description Some Cisco intrusion prevention system IPS products can be configured as passive intrusion detection systems IDS or active IPS systems. Cisco refers to the IPS mode as "inline" and the IDS...

7.5CVSS6.2AI score0.04195EPSS
Exploits0References2
CERT
CERT
added 2006/09/20 12:0 a.m.16 views

Mozilla products fail to properly handle JavaScript regular expressions

Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...

7.7AI score
Exploits0References2
CERT
CERT
added 2006/09/20 12:0 a.m.59 views

Adobe Flash Player allowScriptAccess protection bypass vulnerability

Overview A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe: The...

6.8CVSS5.7AI score0.09899EPSS
Exploits0References5
CERT
CERT
added 2006/09/20 12:0 a.m.41 views

SISCO OSI stack fails to properly validate packets

Overview A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. Description Inter-control Center Communications Protocol ICCP The Inter-control Center Communications Protocol ICCP is a protocol that is used to...

7.8CVSS6.5AI score0.0377EPSS
Exploits0References3
CERT
CERT
added 2006/09/19 12:0 a.m.262 views

Microsoft Internet Explorer VML stack buffer overflow

Overview Microsoft Internet Explorer IE fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML,...

9.3CVSS6.6AI score0.62149EPSS
Exploits7References4
CERT
CERT
added 2006/09/19 12:0 a.m.33 views

gzip contains a buffer underflow

Overview The gzip program contains a buffer underflow vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files.A buffer underflow vulnerability exists in gzip. An...

7.5CVSS7AI score0.0551EPSS
Exploits1References2
CERT
CERT
added 2006/09/19 12:0 a.m.38 views

gzip NULL dereference in huft_build()

Overview The gzip program contains a null dereference vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A null dereference vulnerability exists in gzip. An...

5CVSS6.8AI score0.03895EPSS
Exploits1References2
CERT
CERT
added 2006/09/19 12:0 a.m.41 views

gzip contains an infinite loop vulnerability in its LZH handling

Overview The gzip program contains a infinite loop vulnerability that may allow an attacker to create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A infinite loop vulnerability exists in the way gzip handles certain files. An...

5CVSS6.3AI score0.03607EPSS
Exploits1References2
CERT
CERT
added 2006/09/19 12:0 a.m.43 views

gzip contains a .bss buffer overflow in its LZH handling

Overview The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. Some implementations of gzip include support for the LZH...

7.5CVSS7.4AI score0.05641EPSS
Exploits1References2
CERT
CERT
added 2006/09/19 12:0 a.m.33 views

gzip contains an array out-of-bounds vulnerability in make_table()

Overview The gzip program contains a stack modification vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition.. Description The gzip program is used to compress and decompress archived files.A stack modification vulnerability exists in gzip. A...

7.5CVSS6.8AI score0.05478EPSS
Exploits1References2
CERT
CERT
added 2006/09/18 12:0 a.m.71 views

Adobe Flash Player long string buffer overflow

Overview Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...

5.1CVSS7.1AI score0.16606EPSS
Exploits1References6
CERT
CERT
added 2006/09/15 12:0 a.m.35 views

Microsoft DirectAnimation Path ActiveX control fails to validate input

Overview The Microsoft DirectAnimation Path ActiveX control fails to properly validate input. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectAnimation Path object is an ActiveX control that is used to move object...

7.6CVSS6.5AI score0.78755EPSS
Exploits3References5
CERT
CERT
added 2006/09/14 12:0 a.m.36 views

Apple QuickTime fails to properly handle FLC movies

Overview Apple QuickTime fails to properly handle FLC movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

5.1CVSS7.9AI score0.15248EPSS
Exploits1References4
CERT
CERT
added 2006/09/13 12:0 a.m.32 views

Apple QuickTime vulnerable to denial of service via specially crafted FlashPix file

Overview A buffer overflow vulnerability in the way Apple QuickTime handles FlashPix files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to...

5.1CVSS7.6AI score0.05526EPSS
Exploits0References4
CERT
CERT
added 2006/09/13 12:0 a.m.36 views

Apple QuickTime Player H.264 Codec contains an integer overflow

Overview Apple QuickTime fails to properly handle H.264 movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime Player is multimedia software that allows users to view local and remote...

5.1CVSS7.9AI score0.05851EPSS
Exploits0References6
CERT
CERT
added 2006/09/13 12:0 a.m.28 views

Apple QuickTime fails to properly handle FlashPix files

Overview Apple QuickTime fails to properly handle FlashPix files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remot...

5.1CVSS7.5AI score0.07253EPSS
Exploits1References4
CERT
CERT
added 2006/09/13 12:0 a.m.29 views

Apple QuickTime movie buffer overflow vulnerability

Overview A buffer overflow vulnerability in the way Apple QuickTime handles movie files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execut...

5.1CVSS7.5AI score0.06636EPSS
Exploits0References3
CERT
CERT
added 2006/09/13 12:0 a.m.36 views

Apple QuickTime fails to properly handle SGI images

Overview Apple QuickTime fails to properly handle SGI images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

5.1CVSS7.5AI score0.06268EPSS
Exploits0References4
CERT
CERT
added 2006/09/12 12:0 a.m.37 views

Microsoft Publisher does not adequately validate Publisher documents

Overview Microsoft Publisher does not adequately validate Publisher documents. This results in a buffer overflow vulnerability that could allow an attacker to execute arbitrary code with the privileges of the user running Publisher. Description Microsoft Publisher does not adequately validate...

9.3CVSS7.4AI score0.40018EPSS
Exploits1References6
CERT
CERT
added 2006/09/12 12:0 a.m.25 views

Microsoft PGM vulnerable to remote code execution

Overview A buffer overflow vulnerability in Microsoft's Pragmatic General Multicast PGM protocol implementation may allow an attacker to execute arbitrary code. Description The Pragmatic General Multicast PGM protocol is an experimental protocol defined in RFC 3208. Microsoft's implementation of...

7.6CVSS7.6AI score0.26246EPSS
Exploits0References5
CERT
CERT
added 2006/09/12 12:0 a.m.22 views

Microsoft Indexing Services vulnerable to cross-site scripting

Overview Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user. Description Microsoft's Indexing Service allows users to quickly search computers and networks. This service can be used in combinatio...

4.3CVSS5.4AI score0.33221EPSS
Exploits0References3
CERT
CERT
added 2006/09/11 12:0 a.m.22 views

AOL ICQ Pro fails to properly handle incoming message lengths

Overview A buffer overflow vulnerability in ICQ may allow a remote attacker to execute arbitrary code or create a denial-of-service condition. Description ICQ is a instant messaging application that is maintained by AOL. A buffer overflow vulnerability in ICQ Pro 2003b may allow a remote,...

8.5AI score
Exploits0References3
CERT
CERT
added 2006/09/11 12:0 a.m.37 views

Multiple RSA implementations fail to properly handle signatures

Overview Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data t...

4.3CVSS7.6AI score0.04894EPSS
Exploits1References7
Total number of security vulnerabilities3704