9.1CVSS
8.8AI Score
0.041EPSS
6.6CVSS
8.1AI Score
0.011EPSS
9.1CVSS
8.8AI Score
0.041EPSS
6.5CVSS
6AI Score
0.001EPSS
A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends customers to download inline images from...
5.4CVSS
5.6AI Score
0.001EPSS
7.8CVSS
8AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0004EPSS
8.8CVSS
8.2AI Score
0.005EPSS
5.4CVSS
6AI Score
0.001EPSS
8.4CVSS
8.9AI Score
0.025EPSS
9.1CVSS
8.9AI Score
0.034EPSS
6.4CVSS
5.9AI Score
0.001EPSS
6.6CVSS
7.6AI Score
0.007EPSS
5.4CVSS
6AI Score
0.001EPSS
6.2CVSS
6.3AI Score
0.001EPSS
5.5CVSS
6.7AI Score
0.013EPSS
8.5CVSS
8.4AI Score
0.008EPSS
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update...
9.1CVSS
9AI Score
0.002EPSS
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
7.1CVSS
6.6AI Score
0.001EPSS
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted...
6.6CVSS
7.2AI Score
0.002EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...
6.6CVSS
7.1AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...
5.5CVSS
6.5AI Score
0.0004EPSS
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated....
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability...
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access.....
4.7CVSS
4.8AI Score
0.001EPSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting...
5.4CVSS
6.3AI Score
0.001EPSS
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection...
6.1CVSS
6.8AI Score
0.001EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing...
5.4CVSS
5.1AI Score
0.001EPSS
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.5CVSS
7.5AI Score
0.001EPSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting...
5.4CVSS
5.6AI Score
0.001EPSS
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.5CVSS
7.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege...
8.1CVSS
7.9AI Score
0.003EPSS
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption...
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in...
7.5CVSS
7.5AI Score
0.005EPSS
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution...
9.8CVSS
9.7AI Score
0.045EPSS
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution...
9.8CVSS
9.8AI Score
0.025EPSS
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus...
4.4CVSS
4.7AI Score
0.001EPSS
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution...
9.8CVSS
9.8AI Score
0.032EPSS
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message.....
5.5CVSS
5.5AI Score
0.0004EPSS
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...
7.5CVSS
8.7AI Score
0.005EPSS
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are...
3.3CVSS
5.3AI Score
0.0004EPSS
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and....
4.7CVSS
6.1AI Score
0.0004EPSS
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel...
7CVSS
7.2AI Score
0.001EPSS
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data...
5.9CVSS
4.9AI Score
0.001EPSS