| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. |
| A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.
Thanks to william_goodfellow for reporting this vulnerability. |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
| Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
