Source
CVE
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets.
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability