| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. |
| A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets. |
| A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. |
| Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. |
| Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. |
| Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally. |
| Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally. |
| Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. |
