All Vulnerabilities

A remote code vulnerability exists when Windows fails to validate the authenticity of a module before loading it in run-time. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the user running the affected application.
Tomcat JSP Source Code Exposure Vulnerability (CVE-2002-1148)
 Severity:    
 Date Published:  21 Dec 2016
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-7275)
 Severity:    
 Date Published:  21 Dec 2016
A remote code execution vulnerability exists when Microsoft Office fails to validate the authenticity of a module before loading it at run-time. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the user running the affected application.
Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)
 Severity:    
 Date Published:  21 Dec 2016
A remote code vulnerability exists when Microsoft Windows fails to properly parse OpenType fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3143)
 Severity:    
 Date Published:  21 Dec 2016
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
There exists a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Use After Free Vulnerability (CVE-2013-1309)
 Severity:    
 Date Published:  21 Dec 2016
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111)
 Severity:    
 Date Published:  21 Dec 2016
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
Joomla Core Remote Privilege Escalation Vulnerability (CVE-2016-8869)
 Severity:    
 Date Published:  21 Dec 2016
Joomla Core is prone to multiple security-bypass vulnerabilities. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
 Severity:    
 Date Published:  21 Dec 2016
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Featured Stories