Lucene search
K

216 matches found

Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.35 views

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attac...

4.3CVSS0.7AI score0.15118EPSS
Exploits3
Symantec
Symantec
added 2017/08/08 12:0 a.m.24 views

Microsoft Edge CVE-2017-8634 Scripting Engine Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...

7.6CVSS0.7AI score0.7028EPSS
Exploits3References1Affected Software1
Packet Storm
Packet Storm
added 2017/08/03 12:0 a.m.54 views

Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation

CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23 2 Aug 2017 06:49 A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...

1AI score0.01109EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2017/06/28 3:0 p.m.15 views

Solution Corner: Malwarebytes Endpoint Protection

We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, leveraging the same platform is Malwarebytes Endpoint...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/06/28 12:0 a.m.117 views

Microsoft Windows - nt!NtQueryInformationProcess (ProcessVmCounters) Kernel Stack Memory Disclosure

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information class discloses portions of uninitialized kernel...

1.9CVSS6.1AI score0.03423EPSS
Exploits3
exploitpack
exploitpack
added 2017/06/23 12:0 a.m.17 views

Microsoft Windows - nt!NtQueryInformationResourceManager (information class 0) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationResourceManager information class 0 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/22 12:0 a.m.23 views

Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/06/22 12:0 a.m.16 views

Microsoft Windows - win32k!NtGdiMakeFontDir Kernel Stack Memory Disclosure

Microsoft Windows - win32k!NtGdiMakeFontDir Kernel Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1191 We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/15 3:0 p.m.26 views

Announcing Malwarebytes Endpoint Protection, a next-generation antivirus replacement for businesses

Six months ago, we announced Malwarebytes 3.0, a next-generation antivirus replacement for home users. Today, I am happy to announce Malwarebytes Endpoint Protection, its equivalent for businesses. Malwarebytes Endpoint Protection includes an easy to deploy, scalable cloud platform that allows yo...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/11 12:0 a.m.547 views

Microsoft IIS WebDav ScStoragePathFromUrl Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow', 'Description' = %q Buffer overflow in the ScStoragePathFromUrl function in the WebDAV servic...

10CVSS9.6AI score0.99823EPSS
Exploits39
The Hacker News
The Hacker News
added 2017/04/09 1:16 a.m.7 views

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

It's 2017, and opening a simple MS Word file could compromise your system. Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microso...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/03/14 12:0 a.m.3 views

PT-2017-1936 · Microsoft · Windows Server 2012 +9

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 10 and Windows Server 2016, including Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 Description: The vulnerabilit...

7.5CVSS6.7AI score0.99693EPSS
Exploits22References31
NVD
NVD
added 2017/03/08 1:59 a.m.20 views

CVE-2017-0528

An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation...

9.3CVSS7.1AI score0.01823EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/03/08 1:59 a.m.45 views

CVE-2017-0528

An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation...

9.3CVSS7.2AI score0.01823EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/03/08 1:59 a.m.24 views

CVE-2017-0455

An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit...

9.3CVSS7.3AI score0.0167EPSS
Exploits0References3
Prion
Prion
added 2017/03/08 1:59 a.m.23 views

Privilege escalation

An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation...

9.3CVSS7.1AI score0.01823EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2017/02/08 3:59 p.m.20 views

Information disclosure

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology ...

4.3CVSS5AI score0.00802EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/02/08 3:0 p.m.74 views

CVE-2017-0424

CVE-2017-0424 affects AOSP Messaging in Android (versions 6.0–7.1.1). It is an information disclosure vulnerability that could allow a local malicious app to bypass OS protections and access data outside its permitted scope when processing a specially crafted file. The issue is described as a mod...

5.5CVSS5.2AI score0.00802EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/02/08 3:0 p.m.26 views

CVE-2017-0424

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology ...

5.3AI score0.00802EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/12/13 3:27 p.m.78 views

Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities

Microsoft today patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet. The critical Internet Explorer and Microsoft Edge bulletins are among six released today, along with six others with a severity rating of importan...

9.3CVSS0.2AI score0.99945EPSS
Exploits37References12
Rows per page
Query Builder