| CVE | Vendors | Products | Updated | CVSS v3.1 |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. |
| IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. |
| The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. |
| Windows SMB Information Disclosure Vulnerability |
| Windows Overlay Filter Security Feature Bypass Vulnerability |
| Windows Error Reporting Information Disclosure Vulnerability |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Chakra Scripting Engine Memory Corruption Vulnerability |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Windows Lock Screen Security Feature Bypass Vulnerability |
| Windows GDI+ Information Disclosure Vulnerability |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| Windows NTFS Remote Code Execution Vulnerability |
| Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Error Reporting Information Disclosure Vulnerability |