| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0
does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. |
| IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. |
| The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. |
| Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| Microsoft Edge for Android Spoofing Vulnerability |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
| Dynamics CRM Webclient Cross-site Scripting Vulnerability |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| Microsoft Exchange Server Information Disclosure Vulnerability |
| Microsoft Exchange Remote Code Execution Vulnerability |
| Microsoft Exchange Remote Code Execution Vulnerability |
| Windows SMB Information Disclosure Vulnerability |
