| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities. |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
| Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
