473 matches found
CVE-2025-59033
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control WDAC policy. Entries that specify only the to-be-signed TBS part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a...
CVE-2025-59033
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control WDAC policy. Entries that specify only the to-be-signed TBS part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a...
CVE-2022-50238
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is...
CVE-2022-50238
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is...
Microsoft Windows Defender Application Control 安全漏洞
Microsoft Windows Defender Application Control WDAC is a security tool from Microsoft Corporation USA that restricts the operation of programs at the software level by configuring policies to reduce the scope of what hackers can attack. A security vulnerability exists in Microsoft Windows Defende...
CVE-2025-59033
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control WDAC policy. Entries that specify only the to-be-signed TBS part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a...
CVE-2022-50238
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is...
PT-2025-36472
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list...
PT-2025-36478
Name of the Vulnerable Software and Affected Versions: Windows versions affected versions not specified Description: The Microsoft vulnerable driver block list, implemented as Windows Defender Application Control WDAC policy, does not properly block entries specifying the signing certificate’s TB...
CVE-2025-59033
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control WDAC policy. Entries that specify only the to-be-signed TBS part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a...
CVE-2025-59033
The CVE-2025-59033 entry describes a Microsoft Windows WDAC-based vulnerable driver block list where entries that specify the signing certificate’s TBS hash along with a FileAttribRef qualifier (e.g., file name/version) may not be blocked, regardless of HVCI being enabled. Affects the Microsoft v...
BIT-POWERSHELL-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...
DEBIAN-CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...
Freescout Helper::decrypt() function deserialization vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...
CVE-2025-40736
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...
The vulnerability of Windows Defender Application Control on Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability of Windows Defender Application Control WDAC on Windows operating systems is related to errors in verifying the cryptographic signature. Exploiting this vulnerability can allow a hacker to circumvent existing security restrictions...
CVE-2025-33069
Improper verification of cryptographic signature in App Control for Business WDAC allows an unauthorized attacker to bypass a security feature locally...
CVE-2025-33069
CVE-2025-33069 affects Windows App Control for Business (WDAC). The root cause is improper verification of cryptographic signatures in WDAC, enabling a local attacker to bypass the security feature. The vulnerability is categorized as a security feature bypass with medium severity (CVSS 3.1: Loca...
CVE-2022-31593
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
CVE-2021-46899
SyncTrayzor 1.1.29 enables CEF Chromium Embedded Framework remote debugging, allowing a local attacker to control the application...