Vulnerability & Exploit Database

Displaying entries 71 - 80 of 135952 in total

Microsoft CVE-2018-8366: Microsoft Edge Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that that do not securely populate the URL with confidential information could allow information to be disclosed to an a...

Microsoft CVE-2018-8354: Scripting Engine Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same ...

Microsoft CVE-2018-8337: Windows Subsystem for Linux Security Feature Bypass Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity. An attacker who successfully exploited this vulnerability could replace or delete arbitrary files as a low privilege user. A attacker could exploit this vulnerability by running a specially crafted application. The update ...

Microsoft CVE-2018-8336: Windows Kernel Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially ...

Microsoft CVE-2018-8335: Windows SMB Denial of Service Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the...

Microsoft CVE-2018-8332: Win32k Graphics Remote Code Execution Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user r...

Microsoft CVE-2018-8315: Microsoft Scripting Engine Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the v...

Microsoft CVE-2018-8271: Windows Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attacker would have to log on to the system f...

Microsoft CVE-2018-5391: Windows Denial of Service Vulnerability Vulnerability

  • Severity: 4
  • Published: September 11, 2018

Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under atta...

Microsoft CVE-2018-15967: Security updates available for Adobe Flash Player Vulnerability

  • Severity: 4
  • Published: September 11, 2018
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions.  Successful exploitation could lead to information disclosure.