| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. |
| A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system. |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix. |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges. |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable. |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| Microsoft Excel Remote Code Execution Vulnerability |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. |
