BACK TO INTEL

Archives

Classification

Application Security
Cloud Infrastructure
Enterprise Infrastructure
Enterprise IT Infrastructure
Enterprise Networking
Enterprise Security
Enterprise Software
ERP
Information Technology
Infrastructure
Infrastructure Security
Microsoft
Network Appliances
Network Infrastructure
Network Security
Networking
Open Source
Operating Systems
Software
Software Development
Software Security
Technology
Virtualization
Vulnerability
Web Hosting
Web Security
Windows Ecosystem

Feed

Verified advisories, vulnerability disclosures, and architectural research.

CVE-2023-24880

CVE-2023-24880: Critical Windows SmartScreen Security Bypass Advisory and Analysis

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Windows
View Detail
CVE-2019-1388

Deep Analysis: CVE-2019-1388 Microsoft Windows Certificate Dialog Elevation of Privilege Vulnerability

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Windows
View Detail
CVE-2023-28252

CVE-2023-28252: Critical Windows CLFS Driver Privilege Escalation Advisory

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Windows
View Detail
CVE-2021-45046

Critical Security Advisory: Addressing the Apache Log4j2 Incomplete Fix (CVE-2021-45046)

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Log4j2
View Detail
CVE-2023-34362

CVE-2023-34362: Critical SQL Injection in Progress MOVEit Transfer Demands Immediate Action

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.

MOVEit Transfer
View Detail
CVE-2023-27997

CVE-2023-27997: Critical Fortinet SSL-VPN Heap Buffer Overflow Remediation Guide

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

FortiOS and FortiProxy SSL-VPN
View Detail
CVE-2023-36884

Critical Advisory: Resolving the CVE-2023-36884 Windows Search Remote Code Execution Vulnerability

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

Windows
View Detail
CVE-2023-3519

CVE-2023-3519: Critical Citrix NetScaler ADC and Gateway Code Injection Advisory

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

NetScaler ADC and NetScaler Gateway
View Detail
CVE-2023-38035

CVE-2023-38035: Critical Ivanti Sentry Authentication Bypass Vulnerability Advisory

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Ivanti Sentry
View Detail
CVE-2023-20269

CVE-2023-20269: Mitigating Unauthorized Access in Cisco ASA and Firepower Threat Defense VPNs

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

Adaptive Security Appliance and Firepower Threat Defense
View Detail
CVE-2023-22515

CVE-2023-22515: Critical Zero-Day Access Control Vulnerability in Atlassian Confluence

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

Confluence Data Center and Server
View Detail
CVE-2023-4966

CVE-2023-4966: Critical Buffer Overflow Vulnerability in NetScaler ADC and Gateway (Citrix Bleed)

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

NetScaler ADC and NetScaler Gateway
View Detail
1234567