Microsoft Office Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Clustered Shared Volume Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Push Notifications Apps Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Storage Spaces Direct Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Storage Spaces Direct Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows PlayToManager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Windows WLAN AutoConfig Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Windows Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Windows WLAN AutoConfig Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows LSA Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.6).
Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Failover Cluster Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows NTFS Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.