| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31322 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution… | ||
| CVE-2024-31320 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2024-31319 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not… | ||
| CVE-2024-31318 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2024-31317 | Hig | 0.51 | 7.8 | 0.01 | Jul 9, 2024 | In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not… | ||
| CVE-2024-31316 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2024-31315 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… | ||
| CVE-2024-31313 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-31311 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-31310 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… | ||
| CVE-2024-23711 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2024-23698 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-23697 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-23696 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-23695 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2023-21114 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2023-21113 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-39063 | Hig | 0.57 | 8.8 | 0.00 | Jul 9, 2024 | Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests. | ||
| CVE-2024-37872 | Hig | 0.53 | 8.1 | 0.01 | Jul 9, 2024 | SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||
| CVE-2024-37871 | Hig | 0.53 | 8.2 | 0.00 | Jul 9, 2024 | SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. | ||
| CVE-2024-34139 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-29153 | Hig | 0.53 | 8.1 | 0.00 | Jul 9, 2024 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos… | ||
| CVE-2024-20785 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-20783 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-20782 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-20781 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-40039 | Hig | 0.57 | 8.8 | 0.00 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del | ||
| CVE-2024-40037 | Hig | 0.57 | 8.8 | 0.00 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | ||
| CVE-2024-40036 | Hig | 0.57 | 8.8 | 0.01 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close | ||
| CVE-2024-40034 | Hig | 0.57 | 8.8 | 0.00 | Jul 9, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | ||
| CVE-2024-39684 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;… | ||
| CVE-2024-38517 | Hig | 0.44 | 7.8 | 0.00 | Jul 9, 2024 | Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;… | ||
| CVE-2024-34123 | Hig | 0.46 | 7.0 | 0.00 | Jul 9, 2024 | Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might… | ||
| CVE-2023-50807 | Hig | 0.53 | 8.1 | 0.00 | Jul 9, 2024 | A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). | ||
| CVE-2023-50806 | Hig | 0.55 | 8.4 | 0.00 | Jul 9, 2024 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos… | ||
| CVE-2023-50805 | Hig | 0.53 | 8.1 | 0.00 | Jul 9, 2024 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos… | ||
| CVE-2024-6222 | Hig | 0.46 | 7.0 | 0.01 | Jul 9, 2024 | In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note… | ||
| CVE-2024-39698 | Hig | 0.42 | 7.5 | 0.00 | Jul 9, 2024 | electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by… | ||
| CVE-2024-38112 | Hig | 0.67 | 7.5 | 0.84 | KEV | Jul 9, 2024 | Windows MSHTML Platform Spoofing Vulnerability | |
| CVE-2024-38104 | Hig | 0.57 | 8.8 | 0.02 | Jul 9, 2024 | Windows Fax Service Remote Code Execution Vulnerability | ||
| CVE-2024-38100 | Hig | 0.51 | 7.8 | 0.05 | Jul 9, 2024 | Windows File Explorer Elevation of Privilege Vulnerability | ||
| CVE-2024-38095 | Hig | 0.49 | 7.5 | 0.03 | Jul 9, 2024 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-38094 | Hig | 0.69 | 7.2 | 0.50 | KEV | Jul 9, 2024 | Microsoft SharePoint Remote Code Execution Vulnerability | |
| CVE-2024-38092 | Hig | 0.57 | 8.8 | 0.02 | Jul 9, 2024 | Azure CycleCloud Elevation of Privilege Vulnerability | ||
| CVE-2024-38091 | Hig | 0.49 | 7.5 | 0.02 | Jul 9, 2024 | Microsoft WS-Discovery Denial of Service Vulnerability | ||
| CVE-2024-38088 | Hig | 0.57 | 8.8 | 0.02 | Jul 9, 2024 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||
| CVE-2024-38087 | Hig | 0.57 | 8.8 | 0.02 | Jul 9, 2024 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||
| CVE-2024-38085 | Hig | 0.51 | 7.8 | 0.05 | Jul 9, 2024 | Windows Graphics Component Elevation of Privilege Vulnerability | ||
| CVE-2024-38081 | Hig | 0.48 | 7.3 | 0.01 | Jul 9, 2024 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2024-38080 | Hig | 0.63 | 7.8 | 0.07 | KEV | Jul 9, 2024 | Windows Hyper-V Elevation of Privilege Vulnerability |
- risk 0.51cvss 7.8epss 0.00
In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution…
- risk 0.51cvss 7.8epss 0.00
In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- risk 0.51cvss 7.8epss 0.00
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- risk 0.51cvss 7.8epss 0.00
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- risk 0.51cvss 7.8epss 0.01
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…
- risk 0.51cvss 7.8epss 0.00
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
- risk 0.51cvss 7.8epss 0.00
In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
- risk 0.51cvss 7.8epss 0.00
In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.57cvss 8.8epss 0.00
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests.
- risk 0.53cvss 8.1epss 0.01
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
- risk 0.53cvss 8.2epss 0.00
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.
- risk 0.51cvss 7.8epss 0.00
Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.53cvss 8.1epss 0.00
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del
- risk 0.57cvss 8.8epss 0.01
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del
- risk 0.51cvss 7.8epss 0.00
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…
- risk 0.44cvss 7.8epss 0.00
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…
- risk 0.46cvss 7.0epss 0.00
Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might…
- risk 0.53cvss 8.1epss 0.00
A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth).
- risk 0.55cvss 8.4epss 0.00
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos…
- risk 0.53cvss 8.1epss 0.00
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos…
- risk 0.46cvss 7.0epss 0.01
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note…
- risk 0.42cvss 7.5epss 0.00
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by…
- risk 0.67cvss 7.5epss 0.84
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Fax Service Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.05
Windows File Explorer Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.03
.NET and Visual Studio Denial of Service Vulnerability
- risk 0.69cvss 7.2epss 0.50
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Azure CycleCloud Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.02
Microsoft WS-Discovery Denial of Service Vulnerability
- risk 0.57cvss 8.8epss 0.02
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.05
Windows Graphics Component Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.01
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
- risk 0.63cvss 7.8epss 0.07
Windows Hyper-V Elevation of Privilege Vulnerability