| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Visual Studio Code Elevation of Privilege Vulnerability |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability |
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Storage Elevation of Privilege Vulnerability |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| Microsoft Excel Information Disclosure Vulnerability |
| DHCP Client Service Remote Code Execution Vulnerability |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| Windows Active Directory Domain Services API Denial of Service Vulnerability |
| Visual Studio Installer Elevation of Privilege Vulnerability |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A local attacker can supply malicious strings that may be rendered and executed when a specific dialog within ArcGIS Pro is opened. This issue is fixed in ArcGIS Pro version 3.6.1. |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files. However, exploitation is constrained by server-side controls that prevent execution of uploaded content and do not allow modification of existing application files or system configurations. As a result, successful exploitation would have a low impact on confidentiality, integrity, and availability, and would not enable service disruption, privilege escalation, or unauthorized access to sensitive data. |
