<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. Rated medium severity (CVSS 5.8).
A flaw was found in the Ansible Engine when using module_args. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Microsoft Graphics Component Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. Rated medium severity (CVSS 5.4).
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.