| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability |
| Windows Backup Service Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows SMB Witness Service Elevation of Privilege Vulnerability |
| Azure Service Fabric Container Elevation of Privilege Vulnerability |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| Microsoft SQL Server Elevation of Privilege Vulnerability |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| Microsoft Outlook for iOS Information Disclosure Vulnerability |
| Azure Stack Hub Elevation of Privilege Vulnerability |
| IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812. |
| IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. |
| A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. |
| Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. |
| A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
