The vulnerability of the HTTP.sys driver on Windows operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the HTTP.sys driver in Windows operating systems is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft Windows ODBC Driver. The following products and versions are affected:Windows...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Protected EAP PEAP. The following products and versions are affected:Windows 10 Version 1809 for 32-bit...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Protected EAP PEAP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit...

Path Traversal

vertx-web is vulnerable to Path Traversal. The vulnerability exists in the pathOffset function of Utils.java When running vertx web applications that serve files using the StaticHandler on Windows Operating Systems and Windows File Systems. If the mount point is a wildcard , then an attacker can...

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

Summary When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details When computing the relative path to locate the resource, in cas...

Input validation

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

The vulnerability of the Windows Error Reporting error reporting service on Windows operating systems allows a perpetrator to escalate their privileges.

The vulnerability of the Windows Error Reporting registration service on Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) on Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the LDAP protocol implementation on Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created data...

PT-2023-1089 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ affected versions not specified Description: The issue is related to insufficient access restrictions in Microsoft Message Queuing MSMQ in Microsoft Windows operating systems. Exploitation of this issue may allo...

PT-2023-1134 · Microsoft · Cryptographic Services +1

Name of the Vulnerable Software and Affected Versions: Microsoft Cryptographic Services affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft Cryptographic Services for Windows operating systems. It allows an attacker to potentially...

The vulnerability of the Windows Graphics component in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Windows Graphics component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Windows Graphics component in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Windows Graphics component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Active Directory Certificate Services component for Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the Active Directory Certificate Services component for Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

Adversaries strike critical Windows IKE flaw in the “Bleed You” campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An active "Bleed You" campaign is leveraging a critical RCE CVE-2022-34721 vulnerability in Windows Internet Key Exchange IKE Protocol Extensions to assist subsequent malware and ransomware assaults and...

A new strain of Punisher ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Punisher ransomware is spreading via phishing website that delivers ransomware disguised as a COVID tracking application. Punisher Encryptor is a .NET binary that runs on Windows...

The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) network protocol for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Point to Point Tunneling Protocol PPTP implementation in Windows operating systems is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) network protocol for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Point to Point Tunneling Protocol PPTP implementation in Windows operating systems is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

The vulnerability of the Netlogon Remote Protocol (MS-NRPC) implementation in Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Netlogon Remote Protocol MS-NRPC implementation in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...