Archives

Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2008-4250

Unpacking CVE-2008-4250: Technical Analysis and Mitigation of the Critical Windows Server Service Buffer Overflow Vulnerability

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.

Windows
CVE-2016-3351

Securing Legacy Environments: A Technical Analysis of CVE-2016-3351 in Internet Explorer and Edge

An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

Internet Explorer and Edge
CVE-2017-0147

Unmasking CVE-2017-0147: Technical Analysis of the Windows SMBv1 Information Disclosure Vulnerability

The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.

SMBv1 server
CVE-2012-1710

Deep Dive: Mitigating CVE-2012-1710 in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.

Fusion Middleware
CVE-2013-0074

Critical Advisory: Resolving CVE-2013-0074 and the Risks of Legacy Microsoft Silverlight Deployments

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Silverlight
CVE-2013-0431

CVE-2013-0431: Analyzing the Oracle Java JRE Sandbox Bypass and Its Active Ransomware Exploitation

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Java Runtime Environment (JRE)
CVE-2016-0034

CVE-2016-0034: Critical Microsoft Silverlight RCE Vulnerability Technical Advisory

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).

Silverlight
CVE-2022-26134

Critical RCE Alert: Managing the CVE-2022-26134 Atlassian Confluence Vulnerability

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.

Confluence Server/Data Center
CVE-2022-30190

CVE-2022-30190: High-Severity MSDT Remote Code Execution (Follina) Technical Advisory

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Windows
CVE-2018-13374

Critical Security Advisory: Addressing CVE-2018-13374 Improper Access Control in Fortinet FortiOS and FortiADC

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.

FortiOS and FortiADC
CVE-2022-41040

CVE-2022-41040: Microsoft Exchange Server SSRF Vulnerability (ProxyNotShell) Deep Dive and Remediation

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Exchange Server
CVE-2022-41082

CVE-2022-41082: Defending Against the ProxyNotShell Deserialization RCE in Microsoft Exchange

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Exchange Server