| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.
The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. |
| Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. |
| A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmgr/user/listByPage. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. |
| Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames. |
| Microsoft Word Security Feature Bypass Vulnerability |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Windows Mobile Broadband Driver Denial of Service Vulnerability |
| Windows Mobile Broadband Driver Denial of Service Vulnerability |
| Windows Mobile Broadband Driver Denial of Service Vulnerability |
| Windows Cryptographic Information Disclosure Vulnerability |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Windows Hyper-V Security Feature Bypass Vulnerability |
| Microsoft Office Spoofing Vulnerability |
