Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
A vulnerability was discovered in RealVNC VNC Server installations on Windows when running MSI repair, which can lead to a local user privilege escalation.
An OGNL injection vulnerability present in the ActionChainResult class of the xwork jar file would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
Windows Ancillary Function Driver for WinSock is prone to a DoS because of an integer overflow.
A denial of service vulnerability exists in Point-to-Point Tunneling Protocol service when an unauthenticated attacker connects to the target system and sends specially crafted requests.
A deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager allows an unauthenticated attacker with network access via HTTP to execute system commands.
An authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate and a file upload present in ExecuteUploadManagerPerformUpload allow an unauthenticated attacker to execute system commands with the privileges of the "IIS Worker Process" process (NT AUTHORITY\NETWORK SERVICE).
This bug could allow an attacker to gain code execution on an affected system by sending specially crafted packets to a system utilizing the HTTP Protocol Stack (http.sys) to process packets. No user interaction, no privileges required, and an elevated service add up to a wormable bug. And while this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug. Test and deploy this patch quickly.
This is a remote code execution vulnerability that impacts some versions of Windows 10 32-bit and 64-bit, Windows 11 64-bit, and Windows Server 2019, 2022. The HTTP Protocol Stack enables Windows and applications to communicate with other devices. If exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets and, ultimately, execute arbitrary code and take control of the affected system.
Description: JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This library, used by Apache James, allows unauthenticated attackers to execute system commands.