| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| U-Boot environment is read from unauthenticated partition. |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Kerberos Elevation of Privilege Vulnerability |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| Windows Fax Compose Form Remote Code Execution Vulnerability |
| Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
| Windows AppX Package Manager Elevation of Privilege Vulnerability |
| Windows Desktop Bridge Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Fax Compose Form Remote Code Execution Vulnerability |
| Azure Site Recovery Remote Code Execution Vulnerability |
| Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. |
| There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 |
| There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0. |
| An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. |
| A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials. |
