A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Rated high severity (CVSS 7.0).
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
A denial of service vulnerability exists when Windows improperly handles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable.
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. Rated medium severity (CVSS 6.3).
Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability exists in Skype for Business. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required.
A vulnerability was found in keycloak before 6.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.