Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Docker Desktop before 3.6.0 suffers from incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Azure Sphere Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.7).
Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability. Rated high severity (CVSS 7.1). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows User Account Profile Picture Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).