| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process. |
| A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Win32k Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
| Windows TCP/IP Information Disclosure Vulnerability |
| .NET Denial of Service Vulnerability |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| Windows HTML Platforms Security Feature Bypass Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Windows Message Queuing Client (MSMQC) Information Disclosure |
| Windows Server Key Distribution Service Security Feature Bypass |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Microsoft Identity Denial of service vulnerability |
| Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
|
| JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358. |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
