Windows Common Log File System Driver Information Disclosure Vulnerability
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Windows TCP/IP Information Disclosure Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
DHCP Server Service Denial of Service Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
PowerShell Information Disclosure Vulnerability
Open Management Infrastructure Information Disclosure Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Remote Procedure Call Information Disclosure Vulnerability
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Extended Negotiation Denial of Service Vulnerability
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console.
DHCP Server Service Information Disclosure Vulnerability
DHCP Server Service Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Windows Installer Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Windows Admin Center Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1.