| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality. |
| Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0. |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0. |
| Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network. |
| Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network. |
| Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. |
| Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. |
| Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network. |
| Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network. |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. |
| A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution. |