| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Graphics Component Remote Code Execution Vulnerability |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Microsoft Streaming Service Elevation of Privilege Vulnerability |
| Windows MSHTML Platform Elevation of Privilege Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Windows Error Reporting Service Elevation of Privilege Vulnerability |
| Windows Search Remote Code Execution Vulnerability |
| Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
| Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| Windows Mark of the Web Security Feature Bypass Vulnerability |
| Microsoft WordPad Information Disclosure Vulnerability |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Windows DWM Core Library Elevation of Privilege Vulnerability |
