| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Microsoft WordPad Information Disclosure Vulnerability |
| Windows Mark of the Web Security Feature Bypass Vulnerability |
| Windows Error Reporting Service Elevation of Privilege Vulnerability |
| Windows Search Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| Skype for Business Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| Microsoft Streaming Service Elevation of Privilege Vulnerability |
| Windows MSHTML Platform Elevation of Privilege Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Microsoft Outlook Security Feature Bypass Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
| Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack. |
| A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. |
| A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads. |