Vulnerability & Exploit Database

Displaying entries 31 - 40 of 132609 in total

Debian: CVE-2018-0495: libgcrypt20 -- security update Vulnerability

  • Severity: 4
  • Published: June 13, 2018

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker ...

Microsoft CVE-2018-8267: Scripting Engine Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the sa...

Microsoft CVE-2018-8254: Microsoft SharePoint Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully explo...

Microsoft CVE-2018-8252: Microsoft SharePoint Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully explo...

Microsoft CVE-2018-8251: Media Foundation Memory Corruption Vulnerability Vulnerability

  • Severity: 8
  • Published: June 12, 2018

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such...

Microsoft CVE-2018-8249: Internet Explorer Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the c...

Microsoft CVE-2018-8248: Microsoft Excel Remote Code Execution Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could ta...

Microsoft CVE-2018-8247: Microsoft Office Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnera...

Microsoft CVE-2018-8246: Microsoft Excel Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to o...

Microsoft CVE-2018-8245: Microsoft Office Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. To exploit the vulnerability, the attacker co...