| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| Active Template Library Elevation of Privilege Vulnerability |
| Microsoft splwow64 Elevation of Privilege Vulnerability |
| Windows WLAN Service Elevation of Privilege Vulnerability |
| Windows Docker Information Disclosure Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG.
To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key |
| Windows DNS Query Information Disclosure Vulnerability |
| Microsoft SQL Elevation of Privilege Vulnerability |
| Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. |
| The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue. |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin. |
| A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. |
