| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally. |
| Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network. |
| Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally. |
| Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg_match() without a length cap, i-regexp restriction, or bounded backtracking, allowing catastrophic-backtracking expressions to pin worker CPU and cause denial of service. This issue is fixed in versions 7.4.12 and 8.0.12. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Server allows an authorized attacker to elevate privileges locally. |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally. |
| Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. |
| Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network. |
| Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network. |
| Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0. |