| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Win32k Elevation of Privilege Vulnerability |
| Microsoft Streaming Service Elevation of Privilege Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. |
| Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid. |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. |
| Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0. |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service. |
