| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability |
| Windows HTML Platforms Security Feature Bypass Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
| Windows PDEV Elevation of Privilege Vulnerability |
| Windows NT OS Kernel Elevation of Privilege Vulnerability |
| Windows DWM Core Library Elevation of Privilege Vulnerability |
| Windows Inking COM Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |
| Media Foundation Information Disclosure Vulnerability |
| Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21785. |
| Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21800. |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.
This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |