| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Edge (Chrome based) Spoofing on IE Mode |
| Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Exchange Server Spoofing Vulnerability |
| Console Window Host Security Feature Bypass Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability |
| Windows MSHTML Platform Remote Code Execution Vulnerability |
| Windows Graphics Component Remote Code Execution Vulnerability |
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
| Active Directory Security Feature Bypass Vulnerability |
| Windows Kernel Information Disclosure Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Information Disclosure Vulnerability |
| Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. |
| Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
| FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs. |
| Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading. |
