| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. |
| In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1 |
| In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. |
| NTFS Elevation of Privilege Vulnerability |
| Windows Media Video Decoder Remote Code Execution Vulnerability |
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
| Windows Kernel Information Disclosure Vulnerability |
| Azure AD Web Sign-in Security Feature Bypass Vulnerability |
| RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Microsoft Internet Messaging API Remote Code Execution Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Services and Controller App Elevation of Privilege Vulnerability |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability |
| Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability |
| Azure Sphere Unsigned Code Execution Vulnerability |
| Windows Media Photo Codec Information Disclosure Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |