CERT/CC Vulnerability Note VU#506989
Microsoft Windows 10 gives unprivileged user access to system32\config files Vulnerability Note VU#506989 Original Release Date: 2021-07-20 | Last Revised: 2021-07-29 Overview Multiple versions of Windows 10 grant non-administrative users read access to files in the %windir%\system32\config directory. This can allow for local privilege escalation (LPE). Description With multiple versions of Window
CERT/CC Vulnerability Note VU#243144
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability Vulnerability Note VU#243144 Original Release Date: 2016-10-21 | Last Revised: 2016-11-17 The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges. CWE-362: Concurrent E
CERT/CC Vulnerability Note VU#561288
Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability Vulnerability Note VU#561288 Original Release Date: 2015-07-07 | Last Revised: 2015-07-11 Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
CERT/CC Vulnerability Note VU#852879
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated) Vulnerability Note VU#852879 Original Release Date: 2014-12-19 | Last Revised: 2015-10-27 The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. Thes
CERT/CC Vulnerability Note VU#922681
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP Vulnerability Note VU#922681 Original Release Date: 2013-01-29 | Last Revised: 2014-07-30 The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the in
CERT/CC Vulnerability Note VU#546769
Vulnerability Note VU#546769 Original Release Date: 2012-12-17 | Last Revised: 2014-07-24 Adobe Shockwave Player may automatically install a legacy version of the runtime, which can increase the attack surface of systems that have Shockwave installed. Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. According to the Director 11
CERT/CC Vulnerability Note VU#519137
Vulnerability Note VU#519137 Original Release Date: 2012-12-17 | Last Revised: 2014-07-24 Adobe Shockwave Player installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras. Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is avai
CERT/CC Vulnerability Note VU#323161
Vulnerability Note VU#323161 Original Release Date: 2012-12-17 | Last Revised: 2014-05-15 Adobe Shockwave Player 12.1.1.151 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime. Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an A
CERT/CC Vulnerability Note VU#357851
Some Internet router devices incorrectly accept UPnP requests over the WAN interface. Universal Plug and Play (UPnP) is a networking protocol mostly used for personal computing devices to discover and communicate with each other and the Internet. Some UPnP enabled router devices incorrectly accept UPnP requests over the WAN interface. "AddPortMapping" and "DeletePortMapping" actions are accepted o
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
CERT/CC Vulnerability Note VU#304725