| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Xbox Gaming Services Elevation of Privilege Vulnerability |
| Windows Update Stack Elevation of Privilege Vulnerability |
| Microsoft Office Elevation of Privilege Vulnerability |
| NTFS Elevation of Privilege Vulnerability |
| Azure Monitor Agent Elevation of Privilege Vulnerability |
| Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| Windows Telephony Server Elevation of Privilege Vulnerability |
| Windows Update Stack Elevation of Privilege Vulnerability |
| Microsoft Install Service Elevation of Privilege Vulnerability |
| Windows Authentication Elevation of Privilege Vulnerability |
| Windows Search Service Elevation of Privilege Vulnerability |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
| Azure Monitor Agent Elevation of Privilege Vulnerability |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) |
| : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. |
| Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11. |
| Windows Authentication Elevation of Privilege Vulnerability |
| Windows Authentication Denial of Service Vulnerability |
