CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 14, 2025

Microsoft Windows Digital Media Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in Windows Digital Media. This vulnerability allows an attacker to gain higher privileges on the affected system.

4.7
Jan 14, 2025

Microsoft Windows Remote Desktop Gateway Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Windows Remote Desktop Gateway (RD Gateway). This issue can cause the RD Gateway service to become unresponsive, potentially disrupting remote desktop connections.

2.5
Jan 14, 2025

Microsoft Windows Line Printer Daemon Service Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Windows Line Printer Daemon (LPD) service. This issue arises from improper parsing and handling of incoming print requests, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability is present in several versions of Windows, including Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025. The LPD service is not installed or enabled by default and has been deprecated since Windows Server 2012.

6.1
Jan 14, 2025

Microsoft Windows Telephony Service Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Windows Telephony Service. This vulnerability allows an attacker to execute arbitrary code on the affected system. It is present in several versions of Windows Server and Windows 10, as well as in Windows 11 and Windows Server 2022.

4.8
Jan 14, 2025

Microsoft Message Queuing Information Disclosure Vulnerability

A vulnerability allowing information disclosure has been identified in Microsoft Message Queuing. This issue arises from the improper handling of memory, which could allow an attacker to read small portions of heap memory. The vulnerability affects multiple versions of Windows Server and Windows 10.

4.6
Jan 14, 2025

Microsoft MapUrlToZone Security Feature Bypass Vulnerability

A security feature bypass vulnerability has been identified in the MapUrlToZone function in Microsoft products. This vulnerability allows for the circumvention of security features, potentially leading to unauthorized access or actions.

2.0
Jan 14, 2025

Microsoft Windows Kerberos Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Windows Kerberos Key Distribution Center (KDC) Proxy Service. An unauthenticated attacker could exploit this vulnerability by using a specially crafted application, leading to a disruption of service on the target system.

5.6
Jan 14, 2025

Microsoft Windows NTLM Spoofing Vulnerability

A spoofing vulnerability in Windows NTLM has been identified. This vulnerability allows an attacker to manipulate NTLM authentication, potentially leading to unauthorized access or actions. It affects multiple Windows versions, including Windows 10, Windows 11, various Windows Server editions, and specific system architectures.

4.7
Jan 14, 2025

Microsoft Windows Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability has been identified in various Microsoft Windows operating systems, including several versions of Windows Server and Windows 10. This vulnerability allows an attacker to bypass the Secure Boot feature, which is designed to ensure that a device boots using only software that is trusted by the PC manufacturer. The vulnerability could be exploited by an attacker who has logged onto the system, potentially leading to the execution of unauthorized actions or the saving of invalid data states.

4.1
Jan 14, 2025

Microsoft Windows BitLocker Information Disclosure Vulnerability

A vulnerability allowing information disclosure has been identified in Windows BitLocker. This issue could potentially allow an attacker to access sensitive information, specifically the BitLocker key. The vulnerability is present in several versions of Windows Server and Windows 10, as well as in Windows 11 and Windows Server 2022. An attacker needs to exploit the issue repeatedly by swapping virtual hard disks, which indicates high exploitation complexity.

4.3
Jan 14, 2025

Microsoft Windows Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability has been identified in Microsoft Windows, allowing attackers to bypass the Secure Boot feature. This vulnerability affects several versions of Windows Server and Windows 10, as well as Windows 11. The issue arises from improper access control, which could potentially be exploited to undermine the security provided by Secure Boot.

4.5
Jan 14, 2025

Microsoft Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability has been identified in Microsoft Secure Boot. This vulnerability allows an attacker to bypass the Secure Boot mechanism, which is designed to ensure that only trusted software is loaded during the boot process. The issue affects several versions of Windows, including Windows Server 2012, Windows Server 2016, Windows 10, Windows 11, and Windows Server 2022. The vulnerability arises from a failure in the protection mechanism, allowing for unauthorized modifications to the boot process.

4.5
Jan 14, 2025

Microsoft Windows BitLocker Information Disclosure Vulnerability

A vulnerability allowing information disclosure has been identified in Windows BitLocker. This issue arises from the improper handling of hibernation images, which can be exposed in an unencrypted, cleartext format. The vulnerability is present in multiple Windows versions, including Windows 10 (various releases) and Windows 11 (version 22H2). Additionally, several Windows Server versions are affected. Exploitation of this vulnerability requires physical access to the machine's hard disk.

4.4
Jan 14, 2025

Microsoft Windows Connected Devices Platform Service Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Windows Connected Devices Platform Service (Cdpsvc). This vulnerability allows an attacker to send specially crafted packets that can disrupt the availability of the service, leading to a denial-of-service condition.

5.2
Jan 14, 2025

Microsoft Windows Recovery Environment Agent Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in the Windows Recovery Environment Agent. This vulnerability allows an attacker with physical access to a device to gain elevated privileges, potentially leading to unauthorized actions or access within the system.

4.5
Jan 14, 2025

Microsoft Active Directory Federation Server Spoofing Vulnerability

A spoofing vulnerability has been identified in Active Directory Federation Server. This vulnerability allows an attacker to manipulate user interactions in a way that could lead to unauthorized actions being performed on behalf of the user.

4.1
Jan 14, 2025

Microsoft Windows MapUrlToZone Security Feature Bypass Vulnerability

A security feature bypass vulnerability has been identified in Microsoft Windows. This vulnerability allows an attacker to bypass the MapUrlToZone method, which could lead to improper handling of security zones. The issue affects all supported versions of Microsoft Windows.

4.7
Jan 14, 2025

Microsoft Power Automate Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Microsoft Power Automate for Desktop, specifically in version 2.51 and prior to 2.52. This vulnerability allows for arbitrary code execution, with exploitation requiring user interaction.

4.2
Jan 14, 2025

Microsoft Access Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Microsoft Access. This issue affects multiple versions of Microsoft Access, including the 2019 and 2021 LTSC releases, as well as Microsoft 365 Apps for Enterprise. The vulnerability arises from a heap-based buffer overflow, which could be exploited by sending a specially crafted email attachment that bypasses security measures and executes malicious code when opened. Notably, the Preview Pane does not pose an attack vector for this vulnerability.

4.2
Jan 14, 2025

Microsoft Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in multiple versions of Microsoft Visual Studio, including Visual Studio 2015 Update 3, Visual Studio 2019 version 16.11, Visual Studio 2022 versions 17.6, 17.8, 17.10, and 17.12. This vulnerability arises from a heap-based buffer overflow and an out-of-bounds read, allowing attackers to execute arbitrary code by convincing users to open a maliciously crafted package file in Visual Studio.

4.6
Jan 14, 2025

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in .NET, .NET Framework, and Microsoft Visual Studio. This issue arises from a buffer over-read in the .NET runtime, specifically in the 'DiaSymReader.dll' file. The vulnerability allows an attacker to execute arbitrary code by convincing a user to open a maliciously crafted package file in Visual Studio. The affected .NET Framework versions include 4.6/4.6.2, 4.7, 4.7.1, 4.7.2, and 4.8.1, as well as .NET 6.0.0 prior to 6.0.36, .NET 8.0.0 prior to 8.0.11, and .NET 9.0.0.

5.4
Jan 14, 2025

.NET Elevation of Privilege Vulnerability

A vulnerability allowing elevation of privilege has been identified in the .NET Runtime, specifically in versions 6.0.0 prior to 6.0.36, 8.0.0 through 8.0.11, and 9.0.0 prior to 9.0.1, when installed on Linux. This vulnerability arises from the creation of temporary files in directories with insecure permissions, which can be exploited by attackers to overwrite arbitrary file content in the security context of the local system.

4.7
Jan 14, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in .NET and Microsoft Visual Studio. This issue arises from a heap-based buffer overflow, which is triggered by an integer overflow in the 'msdia140.dll' file. The vulnerability affects multiple versions of the .NET runtime and several releases of Visual Studio. Exploitation requires convincing a user to open a maliciously crafted package file in Visual Studio.

5.1
Jan 14, 2025

.NET, PowerShell, and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in .NET 9.0, PowerShell 7.5, and Microsoft Visual Studio 2022. This vulnerability allows an attacker to execute arbitrary code on the affected system.

5.1
Jan 14, 2025

AquilaCMS Deserialization Vulnerability in Categories API Endpoint

A critical deserialization vulnerability has been identified in AquilaCMS version 1.412.13. The issue arises in the file '/api/v2/categories', where the 'PostBody.populate' argument can be manipulated, leading to unauthorized data deserialization. This vulnerability can be exploited remotely.

4.0
Jan 14, 2025

Ivanti Endpoint Manager Improper Signature Verification Vulnerability Allowing Remote Code Execution

A vulnerability in Ivanti Endpoint Manager (EPM) has been identified, specifically in versions prior to the January 2025 Security Update for both EPM 2024 and EPM 2022 SU6. This vulnerability arises from improper signature verification, which allows a remote, unauthenticated attacker to execute code. However, exploitation requires local user interaction.

3.4
Jan 14, 2025

Ivanti Endpoint Manager Remote Code Execution Vulnerability Due to Insufficient Filename Validation

A remote code execution vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. This vulnerability arises from inadequate validation of filenames, allowing an unauthenticated attacker to execute arbitrary code remotely. Exploitation of this issue requires local user interaction.

3.9
Jan 14, 2025

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 release and the 2022 SU6 release. The vulnerability arises from an out-of-bounds write, allowing a remote unauthenticated attacker to disrupt service.

4.1
Jan 14, 2025

Ivanti Endpoint Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. This vulnerability allows a local authenticated attacker to escalate privileges by exploiting an out-of-bounds read condition.

3.0
Jan 14, 2025

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 release and the 2022 SU6 release. The vulnerability arises from an out-of-bounds write, which allows a remote unauthenticated attacker to disrupt service.

4.1
Jan 14, 2025

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 security update for both the 2024 and 2022 SU6 releases. The vulnerability arises from an out-of-bounds write, allowing remote unauthenticated attackers to disrupt service.

4.1
Jan 14, 2025

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 security update for both the 2024 and 2022 SU6 releases. The vulnerability arises from an out-of-bounds write, allowing remote unauthenticated attackers to disrupt service.

4.1
Jan 14, 2025

Ivanti Endpoint Manager Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. The vulnerability arises from an out-of-bounds write, which allows a remote unauthenticated attacker to disrupt service.

4.1
Jan 14, 2025

Ivanti Endpoint Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. This vulnerability allows a local authenticated attacker to escalate privileges by exploiting an uninitialized resource.

3.0
Jan 14, 2025

Ivanti Endpoint Manager Deserialization Vulnerability Leading to Remote Code Execution

A deserialization vulnerability allowing remote code execution has been identified in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. This vulnerability arises from the deserialization of untrusted data, which a remote unauthenticated attacker can exploit, although it requires local user interaction.

3.9
Jan 14, 2025

Ivanti Endpoint Manager SQL Injection Vulnerability Allowing Remote Code Execution

A SQL injection vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. This vulnerability allows remote authenticated attackers with admin privileges to execute code remotely. The issue arises from incomplete fixes related to a previous vulnerability, CVE-2024-32848.

3.4
Jan 14, 2025

Ivanti Endpoint Manager Absolute Path Traversal Vulnerability Allowing Information Disclosure

A path traversal vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 release and the 2022 SU6 release. This vulnerability allows remote, unauthenticated attackers to access and leak sensitive information by exploiting the application's failure to properly validate file paths. The issue arises in the WSVulnerabilityCore.dll component, where certain web API endpoints can be manipulated to read files from the server's file system.

6.5
Jan 14, 2025

Ivanti Endpoint Manager Absolute Path Traversal Vulnerability Allowing Information Disclosure

A path traversal vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions 2024 November security update and prior, as well as 2022 SU6 November security update and prior. This vulnerability allows remote unauthenticated attackers to leak sensitive information by exploiting the application's web API endpoints related to vulnerability management.

6.5
Jan 14, 2025

Ivanti Endpoint Manager Absolute Path Traversal Vulnerability Allowing Information Disclosure

A path traversal vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions 2024 November security update and prior, as well as 2022 SU6 November security update and prior. This vulnerability allows remote, unauthenticated attackers to exploit absolute path traversal, leading to the leakage of sensitive information. The issue arises because the affected application does not properly validate user input in certain API endpoints, allowing attackers to manipulate file paths and access restricted data.

6.5
Jan 14, 2025

Ivanti Endpoint Manager Unbounded Resource Search Path Vulnerability Allowing Remote Code Execution

A vulnerability exists in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for both the 2024 and 2022 SU6 releases. This vulnerability allows remote authenticated attackers with admin privileges to execute code by exploiting an unbounded resource search path.

3.4
Jan 14, 2025

Rsync Race Condition Vulnerability in Symbolic Link Handling Can Lead to Privilege Escalation

A race condition vulnerability has been identified in Rsync, specifically in versions through 3.2.4. This flaw occurs during the application's handling of symbolic links, where Rsync typically skips them by default. An attacker could exploit this behavior by replacing a regular file with a symbolic link at a strategic moment, allowing them to traverse symbolic links and bypass the default handling. Depending on the privileges of the Rsync process, this could result in leaking sensitive information or even escalating privileges.

4.2
Jan 14, 2025

Rsync --safe-links Option Bypass Leading to Path Traversal Vulnerability

A path traversal vulnerability has been identified in the rsync utility, specifically when the '--safe-links' option is used. The rsync client does not properly verify if a symbolic link destination from the server contains another symbolic link, allowing for traversal outside the intended directory. This flaw could lead to arbitrary file writes in unintended locations.

6.4
Jan 14, 2025

Rsync Path Traversal Vulnerability via Symbolic Links

A path traversal vulnerability has been identified in the rsync utility, specifically in versions through 3.2.7. This vulnerability arises when the '--inc-recursive' option is enabled, either by default for many client options or by the server without client acknowledgment. The issue stems from inadequate verification of symbolic links, allowing a malicious server to manipulate file writing locations on the client, potentially overwriting critical files. This vulnerability is particularly concerning as it can be exploited to exfiltrate sensitive data or execute arbitrary code by overwriting files that are executed as scripts.

6.4
Jan 14, 2025

Rsync Arbitrary File Enumeration Vulnerability

A vulnerability in Rsync versions through 3.2.7 allows a server to enumerate the contents of arbitrary files on a client's machine. This issue arises when files are transferred from the client to the server. During the transfer, the Rsync server sends checksums of local data to the client for comparison, determining what data needs to be sent. An attacker can exploit this by sending specially crafted checksum values for specific files, enabling them to reconstruct the files' contents byte by byte based on the client's responses. This vulnerability is particularly concerning as it can lead to the unauthorized disclosure of sensitive information, such as SSH keys, which could be exploited to execute malicious code on the client's machine by overwriting files like ~/.bashrc or ~/.popt.

7.3
Jan 14, 2025

Rsync Uninitialized Memory Vulnerability Leading to Information Disclosure

A vulnerability in Rsync versions through 3.2.7 allows for information leakage via uninitialized stack memory. This issue arises when Rsync's daemon compares file checksums. An attacker can manipulate the checksum length to force a comparison with uninitialized memory, leaking one byte of sensitive data at a time. Over multiple requests, up to MAX_DIGEST_LEN - 8 bytes can be extracted, potentially bypassing Address Space Layout Randomization (ASLR).

6.4
Jan 14, 2025

Wikimedia Foundation MediaWiki DataTransfer Extension Cross-Site Request Forgery and Cross-Site Scripting Vulnerability

A vulnerability in the Wikimedia Foundation MediaWiki DataTransfer Extension allows for Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks. This issue affects MediaWiki DataTransfer Extension versions 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.3, and 1.42.X prior to 1.42.2.

3.3
Jan 14, 2025

Wikimedia MediaWiki OpenBadges Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Wikimedia Foundation MediaWiki OpenBadges Extension. This issue arises from improper input sanitization during web page generation, allowing malicious users to inject harmful scripts. The vulnerability affects OpenBadges Extension versions 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.3, and 1.42.X prior to 1.42.2.

3.4
Jan 14, 2025

SourceCodester Task Reminder System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Task Reminder System version 1.0. The issue arises in the Maintenance Section, where user input in the 'System Name' argument is not properly sanitized before being output, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely, but requires authentication and user interaction.

2.4
Jan 14, 2025

Shanghai Lingdang Information Technology Lingdang CRM Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file upload has been identified in Shanghai Lingdang Information Technology Lingdang CRM versions through 8.6.0.0. The issue arises from an unknown function in the file '/crm/weixinmp/index.php', where the 'name' argument can be manipulated to upload files without restriction. This vulnerability can be exploited remotely.

3.0
Jan 14, 2025

Shanghai Lingdang Information Technology Lingdang CRM SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Shanghai Lingdang Information Technology's Lingdang CRM, affecting versions through 8.6.0.0. The issue arises from the file '/crm/weixinmp/index.php' where the 'searchcontent' argument can be manipulated, allowing for SQL injection attacks to be executed remotely.

3.1