| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Microsoft Windows Update Client Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| BitLocker Security Feature Bypass Vulnerability |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Key Storage Provider Security Feature Bypass Vulnerability |
| The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. |
| The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. |
| openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=). |
| Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. |
| In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. |
| A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php. |
| Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. |
| Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. |