| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection. |
| NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data. |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. |
| Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. |
