Page 43 of 1982 results (0.020 seconds)

CVSS: 8.8EPSS: 1%CPEs: 23EXPL: 0

Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Jet Red Database Engine y Access Connectivity Engine • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 •

CVSS: 7.6EPSS: 92%CPEs: 19EXPL: 1

Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autenticada. Contra dispositivos que admiten la recepción de tramas A-MSDU que no son SSP (que es obligatorio como parte de 802.11n), un adversario puede abusar de esto para inyectar paquetes de red arbitrarios A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https: • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 1

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Característica de Seguridad de Early Launch Antimalware Driver de Windows. Este ID de CVE es diferente de CVE-2021-27094 • https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28447 •

CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0

Windows Portmapping Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Portmapping • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28446 •