IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
Windows Kerberos Elevation of Privilege Vulnerability
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
Azure Site Recovery Remote Code Execution Vulnerability
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Domain Name Service Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability