| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited. |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. |
| Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations. |
| Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. |
| Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. |
| Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. |
| Windows Cryptographic Information Disclosure Vulnerability |
| Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Windows Themes Spoofing Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Kerberos Information Disclosure Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Windows BitLocker Information Disclosure Vulnerability |
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords. |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products. |
| jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2. |
