| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. |
| Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Image Acquisition allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. |
| Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network. |
| Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally. |
| Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network. |
| Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network. |
| Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack. |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. |
| A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution. |