| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. |
| A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. |
| Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
| Azure OpenAI Elevation of Privilege Vulnerability |
| Azure Portal Elevation of Privilege Vulnerability |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
| Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
| Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
