4985 matches found
VulnCheck KEV: CVE-2003-0127
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel...
VulnCheck KEV: CVE-2001-0236
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event...
VulnCheck KEV: CVE-2003-0681
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets 1 recipient 2, final, or 3 mailer-specific envelope recipients, has unknown consequences...
VulnCheck KEV: CVE-2003-0201
Buffer overflow in the calltrans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code...
VulnCheck KEV: CVE-2017-3623
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel RPC. For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the...
VulnCheck KEV: CVE-2011-4130
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...
VulnCheck KEV: CVE-2003-0694
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c...
VulnCheck KEV: CVE-2006-3439
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314...
VulnCheck KEV: CVE-2017-8464
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file...
VulnCheck KEV: CVE-2017-8543
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory...
VulnCheck KEV: CVE-2015-5374
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant...
VulnCheck KEV: CVE-2017-0222
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory...
VulnCheck KEV: CVE-2017-0001
The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges...
VulnCheck KEV: CVE-2017-0262
A remote code execution vulnerability exists in Microsoft Office...
VulnCheck KEV: CVE-2017-0261
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2017-0263
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory...
VulnCheck KEV: CVE-2017-20210
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...
VulnCheck KEV: CVE-2017-8291
Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile...
VulnCheck KEV: CVE-2017-0148
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets...
VulnCheck KEV: CVE-2014-9222
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability...
VulnCheck KEV: CVE-2017-0199
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution...
VulnCheck KEV: CVE-2017-0210
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information...
VulnCheck KEV: CVE-2017-2404
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...
VulnCheck KEV: CVE-2017-3197
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...
VulnCheck KEV: CVE-2017-3198
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected...
VulnCheck KEV: CVE-2017-7269
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services IIS 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...
VulnCheck KEV: CVE-2017-1274
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749...
VulnCheck KEV: CVE-2017-3881
A vulnerability in the Cisco Cluster Management Protocol CMP processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges...
VulnCheck KEV: CVE-2017-0145
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...
VulnCheck KEV: CVE-2017-0022
Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...
VulnCheck KEV: CVE-2017-0146
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution...
VulnCheck KEV: CVE-2017-0005
The Graphics Device Interface GDI in Microsoft Windows allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2017-0147
The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet...
VulnCheck KEV: CVE-2017-0149
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service DoS via a crafted website...
VulnCheck KEV: CVE-2017-0143
Microsoft Windows Server Message Block 1.0 SMBv1 contains an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2017-5638
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution...
VulnCheck KEV: CVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can...
VulnCheck KEV: CVE-2017-10271
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2016-7200
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...
VulnCheck KEV: CVE-2016-7201
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...
VulnCheck KEV: CVE-2013-1670
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote...
VulnCheck KEV: CVE-2013-1710
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS...
VulnCheck KEV: CVE-2014-8636
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...
VulnCheck KEV: CVE-2016-10372
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...
VulnCheck KEV: CVE-2016-7892
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class...
VulnCheck KEV: CVE-2014-0569
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary...
VulnCheck KEV: CVE-2016-9079
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows...
VulnCheck KEV: CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
VulnCheck KEV: CVE-1999-0502
A Unix account has a default, null, blank, or missing password...
VulnCheck KEV: CVE-2016-7256
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system...