| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
| Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network. |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network. |
| Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network. |
| Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. |
| External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. |
| Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network. |
| A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An
authenticated user with sufficient privileges may be able to modify account
settings and gain elevated administrative privileges. |
| An OS
command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of
the domain name parameter. An adjacent attacker who can access the relevant
HTTP interface can modify the parameter to inject shell metacharacters, resulting
in arbitrary code execution with root privileges.
Successful
exploitation may allow remote code execution and complete compromise of the
device. |
| An OS command
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device. |