| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| Windows Telephony Server Elevation of Privilege Vulnerability |
| Windows Update Stack Elevation of Privilege Vulnerability |
| Microsoft Install Service Elevation of Privilege Vulnerability |
| Windows Authentication Elevation of Privilege Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Windows Search Service Elevation of Privilege Vulnerability |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
| Azure Monitor Agent Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) |
| OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. |
| Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.
|
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information.
This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00
|
| The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. |
| The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force attack, it is possible
to decrypt it and use it to decrypt all future and past messages sent
via encrypted broadcast with that particular key. This only applies when
the key is broadcasted over RF. This is an optional feature, so it is
recommended to use local QR encryption key sharing for additional
security on this and previous versions. |
| A vulnerability in
Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and
8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located
inside the directory.
|
| An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. |
