Microsoft Windows Kernel contains an exposed IOCTL (input and output control) with insufficient access control vulnerability within the IOCTL dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Sources: CISA, NIST

Delta Electronics CNCSoft-B contains a stack-based buffer overflow vulnerability that can allow an attacker to execute arbitrary code.

Sources: CISA, Delta Electronics

MicroDicom DICOM Viewer contains heap-based buffer overflow and out-of-bounds write vulnerabilities that can allow an attacker to cause memory corruption issues leading to execution of arbitrary code.

Sources: CISA, MicroDicom

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain system privileges.

Sources: CISA, NIST

Mitsubishi Electric Multiple Factory Automation Products contains an insufficient resource pool vulnerability that can allow a remote attacker to cause a temporary denial-of-service (DoS) condition for a certain period of time in the product's ethernet communication by performing a TCP SYN Flood attack.

Sources: CISA, Mitsubishi Electric

Santesoft Sante DICOM Viewer Pro contains an out-of-bounds read vulnerability that can allow an attacker to disclose information and execute arbitrary code on affected installations of the product.

Sources: CISA, Santesoft

GitLab contains an improper access control vulnerability that can allow group members with sub-maintainer roles to change the title of privately accessible deploy keys associated with projects in the group.

Sources: NIST, GitLab Support