Azure RTOS Information Disclosure Vulnerability
Windows Mobile Broadband Driver Information Disclosure Vulnerability
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry.
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.
BitLocker Security Feature Bypass Vulnerability
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android Authentication Bypass Vulnerability'.
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
Microsoft Edge for Android Information Disclosure Vulnerability
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Microsoft Windows Admin Center Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
DHCP Server Service Information Disclosure Vulnerability
DHCP Server Service Denial of Service Vulnerability
Windows Kernel Information Disclosure Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows NFS Portmapper Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
Windows iSCSI Service Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability