| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
|
| In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Re-add exception handling in load_fpu_state()
With the recent rewrite of the fpu code exception handling for the
lfpc instruction within load_fpu_state() was erroneously removed.
Add it again to prevent that loading invalid floating point register
values cause an unhandled specification exception. |
| In the Linux kernel, the following vulnerability has been resolved:
platform/surface: aggregator: Add missing call to ssam_request_sync_free()
Although rare, ssam_request_sync_init() can fail. In that case, the
request should be freed via ssam_request_sync_free(). Currently it is
leaked instead. Fix this. |
| In the Linux kernel, the following vulnerability has been resolved:
bcachefs: Fix sb_field_downgrade validation
- bch2_sb_downgrade_validate() wasn't checking for a downgrade entry
extending past the end of the superblock section
- for_each_downgrade_entry() is used in to_text() and needs to work on
malformed input; it also was missing a check for a field extending
past the end of the section |
| Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0. |
| ASP.NET Core Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| ASP.NET Core Security Feature Bypass Vulnerability |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability |
| Microsoft Windows Defender Elevation of Privilege Vulnerability |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability |
| Microsoft Dynamics 365 Sales Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft Office Graphics Remote Code Execution Vulnerability |
