| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). |
| The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. |
| Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images.
In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and cleanup methods. If you've not been notified, this vulnerability does not affect you. |
| Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Windows Core Messaging Elevation of Privileges Vulnerability |
| Microsoft PC Manager Elevation of Privilege Vulnerability |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| Windows Core Messaging Elevation of Privileges Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| DHCP Client Service Denial of Service Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |