Tag

#windows

CVE-2023-21536

Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753.

CVE-2023-21552

Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21532.

CVE-2022-35401: TALOS-2022-1586 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

CVE-2023-0132

Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0140

Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 101 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical”, 89 are classified as “Important”, and none are classified as “Moderate.”

CVE-2022-46610: 72crm v9 has Arbitrary file upload vulnerability in the avatar upload · Issue #36 · 72wukong/72crm-9.0-PHP

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Online Food Ordering System 2.0 Shell Upload

Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.

WordPress Mega Main Menu 2.2.2 Information Disclosure

WordPress Mega Main Menu plugin version 2.2.2 suffers from a backup disclosure vulnerability.