CVE | Vendors | Products | Updated | CVSS v3.1 |
Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser. |
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption. |
Insecure permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via unsafe permission verification. |
A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
The UI performing the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. |
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. |
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
Azure OpenAI Elevation of Privilege Vulnerability |
Azure Portal Elevation of Privilege Vulnerability |
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
Time-of-check time-of-use (TOCTOU) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |