Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

Windows NTFS Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Remote Code Execution Vulnerability

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

System Center Operations Manager Elevation of Privilege Vulnerability

Microsoft SharePoint Server Tampering Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."

A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.

Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.

Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

Microsoft Exchange Server Remote Code Execution Vulnerability

ASP.NET Elevation of Privilege Vulnerability

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.