| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. |
| An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory. |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. |
| SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. |
| An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. |
|
Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
|
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
