| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. |
| Easytest contains SQL injection vulnerabilities. After obtaining a user’s privileges, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. |
| Easytest contains SQL injection vulnerabilities. After obtaining a user’s privileges, remote attackers can inject SQL commands into the parameters of the learning history page to access the entire database and obtain administrator permissions. |
| The “Teacher Edit” function of ShinHer StudyOnline System does not perform access control. After logging in with a user’s privileges, remote attackers can access and edit other users’ credentials and personal information by crafting URL parameters. |
| An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. |
| Visual Studio Code Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Defender Remote Code Execution Vulnerability |
| Microsoft Word Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Active Directory Domain Services Elevation of Privilege Vulnerability |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| NTFS Elevation of Privilege Vulnerability |