| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. |
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. |
| Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. |
| Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. |
| Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join() without validating that the resolved path remains within the collection root directory. Because path.join() does not prevent directory traversal, paths containing ../ sequences can escape the intended directory boundary. This vulnerability is fixed in 2.1.2. |
| Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network. |
| Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. |
| Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. |
| Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
