| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
| Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. |
| Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. |
| Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. |
| Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. |
| Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. |
| Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. |
| Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. |
| A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3350 build 20251216 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h5.2.8.3350 build 20251216 and later |
