Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD
Critical CVE-2011-1889 Microsoft · Forefront Threat Management Gateway (TMG) Added Mar 3, 2022

Microsoft Forefront TMG Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Patch deadline passed
Critical CVE-2011-0611 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Remote Code Execution Vulnerability

Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

Patch deadline passed
Critical CVE-2010-3333 Microsoft · Office Added Mar 3, 2022

Microsoft Office Stack-based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier, which allows an attacker to perform remote code execution.

Patch deadline passed
Critical CVE-2010-0232 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Kernel Exception Handler Vulnerability

The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

Patch deadline passed
Critical CVE-2010-0188 Adobe · Reader and Acrobat Added Mar 3, 2022

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

Patch deadline passed
Critical CVE-2009-3129 Microsoft · Excel Added Mar 3, 2022

Microsoft Excel Featheader Record Memory Corruption Vulnerability

Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.

Patch deadline passed
Critical CVE-2009-1123 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Improper Input Validation Vulnerability

The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Patch deadline passed
Critical CVE-2008-3431 Oracle · VirtualBox Added Mar 3, 2022

Oracle VirtualBox Insufficient Input Validation Vulnerability

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

Patch deadline passed
Critical CVE-2008-2992 Adobe · Acrobat and Reader Added Mar 3, 2022

Adobe Reader and Acrobat Input Validation Vulnerability

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Patch deadline passed
Critical CVE-2004-0210 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Privilege Escalation Vulnerability

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged-on user to take complete control of the system.

Patch deadline passed
Critical CVE-2002-0367 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Privilege Escalation Vulnerability

The smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

Patch deadline passed
Critical CVE-2022-24682 Synacor · Zimbra Collaboration Suite (ZCS) Added Feb 25, 2022

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.

Patch deadline passed
Critical CVE-2017-8570 Microsoft · Office Added Feb 25, 2022

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Patch deadline passed
Critical CVE-2017-0222 Microsoft · Internet Explorer Added Feb 25, 2022

Microsoft Internet Explorer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Patch deadline passed
Critical CVE-2014-6352 Microsoft · Windows Added Feb 25, 2022

Microsoft Windows Code Injection Vulnerability

Microsoft Windows allows remote attackers to execute arbitrary code via a crafted OLE object.

Patch deadline passed
Critical CVE-2022-23131 Zabbix · Frontend Added Feb 22, 2022

Zabbix Frontend Authentication Bypass Vulnerability

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.

Patch deadline passed
Critical CVE-2022-23134 Zabbix · Frontend Added Feb 22, 2022

Zabbix Frontend Improper Access Control Vulnerability

Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.

Patch deadline passed
Critical CVE-2022-24086 Adobe · Commerce and Magento Open Source Added Feb 15, 2022

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Patch deadline passed
Critical CVE-2022-0609 Google · Chromium Animation Added Feb 15, 2022

Google Chromium Animation Use-After-Free Vulnerability

Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Patch deadline passed
Critical CVE-2019-0752 Microsoft · Internet Explorer Added Feb 15, 2022

Microsoft Internet Explorer Type Confusion Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Patch deadline passed
Critical CVE-2018-8174 Microsoft · Windows Added Feb 15, 2022

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution".

Patch deadline passed
Critical CVE-2018-20250 RARLAB · WinRAR Added Feb 15, 2022

WinRAR Absolute Path Traversal Vulnerability

An absolute path traversal vulnerability in WinRAR leads to remote code execution.

Patch deadline passed
Critical CVE-2018-15982 Adobe · Flash Player Added Feb 15, 2022

Adobe Flash Player Use-After-Free Vulnerability

Adobe Flash Player contains a use-after-free vulnerability in com.adobe.tvsdk.mediacore.metadata.

Patch deadline passed
Critical CVE-2017-9841 PHPUnit · PHPUnit Added Feb 15, 2022

PHPUnit Command Injection Vulnerability

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Patch deadline passed
Critical CVE-2014-1761 Microsoft · Word Added Feb 15, 2022

Microsoft Word Memory Corruption Vulnerability

Microsoft Word contains a memory corruption vulnerability which, when exploited, could allow for remote code execution.

Patch deadline passed