| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally. |
| Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg_match() without a length cap, i-regexp restriction, or bounded backtracking, allowing catastrophic-backtracking expressions to pin worker CPU and cause denial of service. This issue is fixed in versions 7.4.12 and 8.0.12. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Server allows an authorized attacker to elevate privileges locally. |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally. |
| Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. |
| Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network. |
| Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network. |
| Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0. |
| Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts() or allowMediaHosts() because UrlSanitizer::parse() follows RFC 3986 while browsers follow WHATWG URL parsing, and because <area href> is checked against the media policy rather than the link policy. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. |
| Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. |