| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability |
| Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. |
| Windows Remote Desktop Configuration Service Tampering Vulnerability |
| 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456. |
| Windows Kernel Security Feature Bypass Vulnerability |
| Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access. |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. |
| Microsoft Excel Remote Code Execution Vulnerability |
| Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. |
| Microsoft Excel Remote Code Execution Vulnerability |
| DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. |
| Microsoft Excel Remote Code Execution Vulnerability |
| VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. |
| Microsoft Office Remote Code Execution Vulnerability |
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. |
| Microsoft Excel Remote Code Execution Vulnerability |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. |