| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. |
| Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . |
| PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). |
| If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.
*This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. |
| "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584." |
| "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598." |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability |
| Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. |
