microsoft vulnerabilities and exploits

NA
CVE-2019-1167

Microsoft has released new versions of PowerShell Core to fix a vulnerability that allows a local attacker to bypass Windows Defender Application Control (WDAC) enforcements.  This could allow the attacker to execute untrusted programs even with WDAC enabled. Windows...

3.3
CVSSv2
CVE-2019-13052

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed....

LogitechUnifying Receiver Firmware
3.3
CVSSv2
CVE-2019-13054

The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z....

LogitechR500 Firmware
3.3
CVSSv2
CVE-2019-13055

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard....

LogitechK360 FirmwareUnifying Receiver Firmware
3.3
CVSSv2
CVE-2019-13053

Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761....

LogitechUnifying Receiver Firmware
4.9
CVSSv2
CVE-2018-10876

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image....

7.2
CVSSv2
CVE-2015-2387

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges...

NA
CVE-2019-10915

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an...

6.2
CVSSv2
CVE-2018-15664

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go...

Docker
NA
CVE-2019-0865

A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by correcting the way...