Published threat advisories for April 15, 2020

A vulnerability in the web server of Cisco IP Phones allows unauthenticated remote attackers to execute code with root privileges or cause a denial of service. This impacts organizations by potentially compromising voice network devices. Business risk includes unauthorized access and service interruption.

NVD published: April 15, 2020 • CISA KEV

A Windows Kernel vulnerability allows unauthorized privilege escalation, impacting system control and data integrity. Local attackers can execute code with elevated permissions. Organizations should apply vendor updates to mitigate this risk.

NVD published: April 15, 2020 • CISA KEV

A remote code execution vulnerability exists in Microsoft Windows due to improper handling of specially crafted font files. This could allow attackers to execute code on affected systems, posing a risk to system integrity and data.

NVD published: April 15, 2020 • CISA KEV

A vulnerability in Internet Explorer's scripting engine allows remote code execution if a user visits a malicious website. This can lead to data compromise and system disruption for affected organizations.

NVD published: April 15, 2020 • CISA KEV

A vulnerability in the Windows Adobe Type Manager Library allows remote code execution via crafted font files. This poses a risk to system integrity and confidentiality. Affected organizations should identify and remediate systems.

NVD published: April 15, 2020 • CISA KEV

An unauthenticated attacker with network access can compromise Oracle WebLogic Server. Successful attacks can lead to a complete takeover of the server, impacting data confidentiality, integrity, and availability. This poses a significant business risk due to the potential for extensive data breaches and operational di

NVD published: April 15, 2020 • CISA KEV