The vulnerability of the Active Directory Federation Services (AD FS) for Windows operating systems allows a perpetrator to circumvent security restrictions and enhance their privileges.

The vulnerability of the Active Directory Federation Services AD FS for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and increase their privileges...

The vulnerability of the HTTP Protocol Stack of Microsoft Windows operating systems arises from the possibility of operations going beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the HTTP Protocol Stack in Microsoft Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows AppContracts API Server with privilege license and access control issues. The following products and editions are affected:Windows 10 Version...

Microsoft Graphics Component 安全漏洞

Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. The following products and versions are affected:Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for...

PT-2022-1530 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in privilege management in the implementation of the Kerberos protocol in Windows operating systems. It allows a remote attacker to elevate their privileges...

The vulnerability of the GDI+ graphic library in Microsoft Windows operating systems allows attackers to gain unauthorized access to protected information.

The vulnerability of the GDI+ graphics library in Microsoft Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

Microsoft Security Update Validation Report November 2021

Microsoft’s November 2021 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

The vulnerability of the TCP/IP protocol implementation in Microsoft Windows operating systems allows a perpetrator to cause service failures.

The vulnerability of the TCP/IP protocol implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Vulnerability of Windows operating systems related to insecure management of privileges, allowing attackers to escalate their privileges

Vulnerabilities of Windows operating systems are related to insecure management of privileges. Exploiting these vulnerabilities can allow attackers, who operate remotely, to enhance their privileges...

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

Command injection

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to carry out an attack using a spoofing technique.

The vulnerability of Remote Desktop Services RDS for Windows operating systems is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the Microsoft Enhanced Cryptographic Provider on Microsoft Windows operating systems allows attackers to enhance their privileges.

The vulnerability of Microsoft’s Enhanced Cryptographic Provider on Microsoft Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...

PT-2021-3288 · Microsoft · Intune Management Extension

Name of the Vulnerable Software and Affected Versions: Microsoft Intune Management Extension affected versions not specified Description: The issue is related to privilege management errors in the Intune management extension for Windows operating systems. Exploitation of this issue may allow a...

The vulnerability of the HTTP Protocol Stack in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the HTTP Protocol Stack in Microsoft Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTTP request...

PT-2021-3092

Name of the Vulnerable Software and Affected Versions Microsoft HTTP Protocol Stack versions prior to the fixed version Description The issue is related to a memory usage problem after memory release in the HTTP Protocol Stack of Microsoft Windows operating systems. This can be exploited by a...

Qualcomm Chipsets 输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. An input validation error vulnerability exists in Qualcomm chips. The...

Security Vulnerabilities fixed in Thunderbird 78.10.1 — Mozilla

The Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also exposed atta...

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...