VIR Vulnerability Intelligence Relay

Search

Found 4,306 results in 469ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-8895 critical 9.8 10.0 EXP veritas 9y ago In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser…
CVE-2017-8295 medium 5.9 6.9 EXPFIX debian debian wordpress 9y ago WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac…
CVE-2016-5810 medium 4.9 5.9 EXP advantech 9y ago upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
CVE-2016-5063 medium 5.3 6.3 EXP bmc 9y ago The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vecto…
CVE-2017-5631 medium 6.1 7.1 EXP kmc_information_systems 9y ago An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
CVE-2017-6553 critical 9.8 10.0 EXP quest 9y ago Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory …
CVE-2017-5135 critical 9.1 10.0 EXP 9y ago Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c34…
CVE-2017-8225 critical 9.8 10.0 EXP 9y ago On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and…
CVE-2017-8224 critical 9.8 10.0 EXP 9y ago Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
CVE-2017-3623 critical 10.0 10.0 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows un…
CVE-2017-3549 critical 9.1 10.0 EXP oracle 9y ago Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…
CVE-2017-3548 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl…
CVE-2017-3546 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "…
CVE-2017-3528 medium 5.4 6.4 EXP oracle 9y ago Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.…
CVE-2015-7568 critical 9.8 10.0 EXP yeager 9y ago SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
CVE-2015-7247 critical 9.8 10.0 EXP 9y ago D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration…
CVE-2015-7246 critical 9.8 10.0 EXP 9y ago D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obt…
CVE-2015-0107 medium 6.5 7.5 EXP ibm 9y ago IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol…
CVE-2016-1560 critical 9.8 10.0 EXP 9y ago ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote …
CVE-2017-8051 critical 9.8 10.0 EXP tenable 9y ago Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote…
CVE-2017-7938 medium 6.6 7.6 EXPFIX debian debian mor-pah.net 9y ago Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i…
CVE-2017-7896 medium 6.1 7.1 EXP trendmicro 9y ago Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVE-2015-8256 medium 6.1 7.1 EXP 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
CVE-2016-5312 medium 6.5 7.5 EXP symantec 9y ago Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn paramete…
CVE-2016-5310 medium 5.5 6.5 EXP broadcomsymantec 9y ago The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec …
CVE-2016-5309 medium 5.5 6.5 EXP broadcomsymantec 9y ago The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec …
CVE-2017-7457 medium 5.0 6.0 EXP moxa 9y ago XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2017-7725 medium 6.1 7.1 EXP concretecms 9y ago Concrete CMS vulnerable to cross-site scripting (XSS)
CVE-2016-2555 critical 9.8 10.0 EXP atutor 9y ago SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVE-2016-1915 medium 6.1 7.1 EXP blackberry 9y ago Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale pa…
CVE-2015-8283 medium 6.5 7.5 EXP seawell_networks 9y ago Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
CVE-2015-8282 critical 9.8 10.0 EXP seawell_networks 9y ago SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
CVE-2016-4337 critical 9.8 10.0 EXP ktools 9y ago SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
CVE-2015-7564 critical 9.8 10.0 EXP teampass 9y ago TeamPass vulnerable to SQL Injection
CVE-2015-7562 medium 6.1 7.1 EXP teampass 9y ago TeamPass vulnerable to Cross-site Scripting
CVE-2017-7722 critical 10.0 10.0 EXP solarwinds 9y ago In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiti…
CVE-2017-3061 critical 9.8 10.0 EXP linux-kernelwindows windowsmacos macos adobe 9y ago Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-0211 medium 5.5 6.5 EXP windows windows 9y ago An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when …
CVE-2017-0167 medium 5.5 6.5 EXP windows windows 9y ago An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory…
CVE-2017-0058 medium 4.7 5.7 EXP windows windows 9y ago A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability co…
CVE-2017-7588 critical 9.8 10.0 EXP 9y ago On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW…
CVE-2016-7552 critical 9.8 10.0 EXP trendmicro 9y ago On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can…
CVE-2016-7547 critical 9.8 10.0 EXP trendmicro 9y ago A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
CVE-2017-7462 critical 9.8 10.0 EXP 9y ago Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
CVE-2017-7461 medium 4.9 5.9 EXP 9y ago Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a v…
CVE-2017-5607 low 3.5 4.5 EXP splunk 9y ago Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a…
CVE-2017-0561 critical 9.8 10.0 EXPFIX debian debian linux-kernel 9y ago A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due …
CVE-2017-7581 critical 9.8 10.0 EXP news_system_project 9y ago SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand f…
CVE-2017-7237 critical 9.8 10.0 EXP spiceworks 9y ago The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of th…
CVE-2017-6340 medium 5.4 6.4 EXP trendmicro 9y ago Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J…
CVE-2017-6339 medium 6.5 7.5 EXP trendmicro 9y ago Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A…
CVE-2017-6338 medium 6.5 7.5 EXP trendmicro 9y ago Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit…
CVE-2017-2671 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which al…
CVE-2017-7402 critical 9.8 10.0 EXP lucidcrew 9y ago Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, …
CVE-2016-8769 medium 6.7 7.7 EXP 9y ago Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file …
CVE-2017-2489 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from…
CVE-2017-2480 medium 6.5 7.5 EXP macos macos apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv…
CVE-2017-2479 medium 6.5 7.5 EXPFIX macos macos apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv…
CVE-2017-2445 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2442 medium 6.5 7.5 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attacke…
CVE-2017-2388 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointe…
CVE-2017-2367 medium 6.5 7.5 EXP macos macos apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-6182 critical 9.8 10.0 EXP sophos 9y ago In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-6542 critical 9.8 10.0 EXPFIX suse susedebian debian putty 9y ago The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect…
CVE-2015-8309 medium 4.3 5.3 EXP fomori 9y ago Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
CVE-2017-2641 critical 9.8 10.0 EXP moodle 9y ago Moodle SQL injection via user preferences
CVE-2015-8556 critical 10.0 10.0 EXPFIX slesdebian debian qemu 9y ago Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVE-2014-7279 critical 9.8 10.0 EXP 9y ago The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVE-2017-6361 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-6360 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
CVE-2017-6359 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
CVE-2017-6972 critical 9.8 10.0 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulne…
CVE-2017-7230 critical 9.8 10.0 EXP disksorter 9y ago A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
CVE-2017-6805 medium 5.3 6.3 EXP mobatek 9y ago Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVE-2017-6550 critical 9.8 10.0 EXP kinsey 9y ago Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) …
CVE-2017-5930 low 2.7 3.7 EXPFIX suse susedebian debian postfixadmin_project 9y ago The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch…
CVE-2016-8855 medium 6.1 7.1 EXP sitecore 9y ago Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or …
CVE-2017-6880 critical 9.8 10.0 EXP cerberus 9y ago Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
CVE-2017-0128 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0127 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0126 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0125 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0124 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0123 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0122 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0121 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0120 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0119 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0118 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0117 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0116 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0115 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0114 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0113 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0112 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0111 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0092 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0091 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0085 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0063 medium 6.5 7.5 EXP windows windows 9y ago The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT…