Vulmon Recent Vulnerabilities Discussions Trends Blog About Contact

microsoft vulnerabilities and exploits

NA
CVE-2019-1167

Microsoft has released new versions of PowerShell Core to fix a vulnerability that allows a local attacker to bypass Windows Defender Application Control (WDAC) enforcements.  This could allow the attacker to execute untrusted programs even with WDAC enabled. Windows...

3.3
CVSSv2
CVE-2019-13052

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed....

LogitechUnifying Receiver Firmware
3.3
CVSSv2
CVE-2019-13054

The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z....

LogitechR500 Firmware
3.3
CVSSv2
CVE-2019-13055

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard....

LogitechK360 FirmwareUnifying Receiver Firmware
3.3
CVSSv2
CVE-2019-13053

Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761....

LogitechUnifying Receiver Firmware
4.9
CVSSv2
CVE-2018-10876

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image....

CanonicalUbuntu LinuxDebianDebian LinuxLinuxLinux Kernel
7.2
CVSSv2
CVE-2015-2387

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges...

MicrosoftWindows 2003 ServerWindows 7Windows 8Windows 8.1Windows RtWindows Rt 8.1Windows Server 2008Windows Server 2012Windows Vista
NA
CVE-2019-10915

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an...

6.2
CVSSv2
CVE-2018-15664

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go...

Docker
NA
CVE-2019-0865

A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by correcting the way...

CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2019-0234CVE-2019-1010048CVE-2019-0708microsoftwindows 10CVE-2019-1099CVE-2019-1575arbitrary CVE-2019-11580memory leak