Page 468 of 2398 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0

CVE-2013-3907

https://notcve.org/view.php?id=CVE-2013-3907

portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability." portcls.sys en los controladores en modo kernel de Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012 y Windows RT permite a usuarios locales conseguir privilegios a través de una aplicación manipulada, también conocido como vulnerabilidad "Port-Class Double Driver Fetch ". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0

CVE-2013-3876

https://notcve.org/view.php?id=CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. DirectAccess en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no verifica adecuadamente certificados X.509 del servidor, lo que permite a atacantes man-in-the-middle falsificar servidores y leer credenciales de dominio cifradas a través de un certificado manipulado. • http://technet.microsoft.com/security/advisory/2862152 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 0

CVE-2013-3869

https://notcve.org/view.php?id=CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos provocar una denegación de servicio (cuelgue del demonio) a través de una petición web-service conteniendo un certificado X.509 manipulado que no es manejado adecuadamente durante la validación, también conocida como "Vulnerabilidad de Firmas Digitales". • http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19112 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 95%CPEs: 14EXPL: 0

CVE-2013-3940

https://notcve.org/view.php?id=CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability." Desbordamiento de entero en la interfaz de dispositivo gráfico (GDI) de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Oro y R2 y Windows RT oro y 8.1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada en un documento Windows Write (. wRI) , que no es manejada correctamente en WordPad, también conocidos como gráficos "Graphics Device Interface Integer Overflow Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18722 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 96%CPEs: 14EXPL: 1

CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)

https://notcve.org/view.php?id=CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability." El control InformationCardSigninHelper Class ActiveX en la biblioteca icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server versión 2003 SP2, Windows Vista versión SP2, Windows Server versión 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows versión 8.1, Windows Server 2012 Gold and R2, y Windows RT Gold y versión 8.1 permiten a los atacantes remotos ejecutar código arbitrario o provocar una Denegación de Servicio (escritura fuera de límites) por medio de una página web creada a la que accede Internet Explorer, explotada de forma inminente en noviembre de 2013, también conocida como "InformationCardSigninHelper Vulnerability." • https://www.exploit-db.com/exploits/29857 http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814 http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090 https://isc. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •