Clop Starts MOVEit Extortion as New Bug is Discovered
Progress Software scrambles to release a new security update Read More
ZDI-23-881: Microsoft Exchange Command Class Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. Read More
ZDI-23-882: (Pwn2Own) Microsoft SharePoint ValidateTokenIssuer Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. Read More
ZDI-23-883: (Pwn2Own) Microsoft SharePoint GenerateProxyAssembly Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing...
ZDI-23-884: (Pwn2Own) Microsoft SharePoint userphoto Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing...
ZDI-23-885: (Pwn2Own) Microsoft Windows mskssrv Driver Untrusted Pointer Dereference Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-886: (Pwn2Own) Microsoft Windows cldflt Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-887: Microsoft Windows PGM Invalid Transmission Group Size Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. Read...
ZDI-23-888: Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability...
ZDI-23-889: Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in...