| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
| Active Directory Security Feature Bypass Vulnerability |
| Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Desktop Bridge Elevation of Privilege Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Information Disclosure Vulnerability |
| Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements. |
| In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. |
| Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.) |
| Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). |
| Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. |
| Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. |
| In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. |
| XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. |
| The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. |