| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server. |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges. |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands. |
| Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. |
| Azure RTOS Information Disclosure Vulnerability |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| Windows HTTP.sys Elevation of Privilege Vulnerability |
| Storage Spaces Controller Elevation of Privilege Vulnerability |
| Microsoft Edge for Android Information Disclosure Vulnerability |
| Visual Studio Code Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Windows Scripting Engine Memory Corruption Vulnerability |
| Visual Studio Elevation of Privilege Vulnerability |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| Azure Sphere Denial of Service Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere Information Disclosure Vulnerability |
