| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| Microsoft Windows Defender Elevation of Privilege Vulnerability |
| Windows DWM Core Library Elevation of Privilege Vulnerability |
| Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. |
| Windows Kerberos Elevation of Privilege Vulnerability |
| Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| Service Fabric Explorer Spoofing Vulnerability |
| Windows NTLM Spoofing Vulnerability |
| Windows CryptoAPI Spoofing Vulnerability |
| Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows GDI+ Remote Code Execution Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. |
| Visual Studio Remote Code Execution Vulnerability |
| Windows Scripting Languages Remote Code Execution Vulnerability |
