PT-2019-3912 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to errors in handling objects in memory in the Win32k component of Windows operating systems. It allows an attacker to potentially elevate their privileges...

The vulnerability of Azure Active Directory (AAD) for managing authentication and access to Windows operating systems allows a perpetrator to gain access to a user account.

The vulnerability of Azure Active Directory AAD for managing authentication and access control on Windows operating systems is related to errors in processing MSA Managed Service Accounts cookie files. Exploiting this vulnerability could allow a malicious actor to gain access to a user account...

The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.

The vulnerability of the Windows GDI component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially crafted document or web page...

The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, Apache Traffic Server web servers, network software such as Envoy, and Node.js software platforms. This allows attackers to induce service interruptions.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, Apache Traffic Server web servers, networking software like Envoy, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious...

Microsoft Windows and Windows Server Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows, which arises from the...

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted...

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to th...

PT-2019-3052 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation of privilege in SyncController.dll, allowing an attacker to run arbitrary code with elevated privileges. To exploit this, an attacker would need to run ...

The vulnerability of the RDP protocol implementation in Windows operating systems allows attackers to circumvent two-factor authentication mechanisms.

The vulnerability of the RDP protocol implementation in Windows operating systems is related to errors in processing RDP sessions based on NLA. Exploiting this vulnerability allows an attacker to circumvent two-factor authentication mechanisms by temporarily disconnecting via RDP and then...

The vulnerability of the DirectWrite programming interface in Windows operating systems allows attackers to gain unauthorized access to protected information.

The vulnerability of the DirectWrite programming interface in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the Windows GDI component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows GDI component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially crafted document or web page...

The vulnerability of Azure Automation’s Windows operating system lies in the insecure management of privileges, allowing a malicious actor to escalate their privileges.

The vulnerability of the Azure Automation service for the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

The vulnerability of the DirectX component of the Windows operating system, which allows attackers to exploit their privileges

The vulnerability of the DirectX component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially created application executed in the guest...

CVE-2019-3622

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create...

The vulnerability of the DirectWrite programming interface in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the DirectWrite programming interface in the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created web page or document...

The vulnerability of the DirectWrite programming interface in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the DirectWrite programming interface in the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created web page or document...

The vulnerability of the Active Directory Federation Services (ADFS) on the Windows operating system allows a perpetrator to circumvent the blocking policy of ADFS.

The vulnerability of the Active Directory Federation Services ADFS on Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to circumvent blocking policies by using a specially created application and brute-force...

The vulnerability of the DirectWrite programming interface in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the DirectWrite application programming interface in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Microsoft Windows DNS Server Denial of Service Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows DNS Server is one of the DNS Domain Name System servers. A denial o...