| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows WalletService Elevation of Privilege Vulnerability |
| Windows Projected File System Elevation of Privilege Vulnerability |
| Windows ActiveX Installer Service Information Disclosure Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Update Service Elevation of Privilege Vulnerability |
| Windows Container Execution Agent Elevation of Privilege Vulnerability |
| Windows Virtual Registry Provider Elevation of Privilege Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Windows Graphics Component Remote Code Execution Vulnerability |
| Windows App-V Overlay Filter Elevation of Privilege Vulnerability |
| A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges. |
| Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function. |
| A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’. |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. |
| A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. |
| An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. |
