| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. |
| The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. |
| The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors. |
| Visual Studio Code Spoofing Vulnerability |
| Visual Studio Code WSL Extension Remote Code Execution Vulnerability |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability |
| Microsoft PowerShell Spoofing Vulnerability |
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability |
| Microsoft BizTalk ESB Toolkit Spoofing Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Information Disclosure Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Windows Mobile Device Management Elevation of Privilege Vulnerability |
| ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way). |
| Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. |