| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. |
| A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. |
| Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099. |
| Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. |
| Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. |
| Windows Remote Procedure Call Information Disclosure Vulnerability |
| PFX Encryption Security Feature Bypass Vulnerability |
| Windows Update Stack Setup Elevation of Privilege Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Windows Fax Service Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows GDI+ Information Disclosure Vulnerability |
| Windows LUAFV Elevation of Privilege Vulnerability |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
| Windows Hyper-V Elevation of Privilege Vulnerability |
| Windows Event Logging Service Elevation of Privilege Vulnerability |
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability |
