#windows

Windows TCP/IP Denial of Service Vulnerability

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

Windows Setup Files Cleanup Remote Code Execution Vulnerability

Windows Common Log File System Driver Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.

Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.

Webedition CMS version 2.9.8.8 suffers from a blind server-side request forgery vulnerability.