| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. |
| Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. |
| Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. |
| Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. |
| Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. |
| Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code. |
| Use after free in Windows Media allows an authorized attacker to elevate privileges locally. |
| Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. |
| Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. |
| A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.
This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials. |