22103 matches found
Windows LSA Spoofing Vulnerability
...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Visual Studio Code Elevation of Privilege Vulnerability
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
Windows Bluetooth Driver Elevation of Privilege Vulnerability
...
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
...
Win32k Elevation of Privilege Vulnerability
...
Active Directory Domain Services Elevation of Privilege Vulnerability
...
Windows Container Manager Service Elevation of Privilege Vulnerability
...
Microsoft SharePoint Server Spoofing Vulnerability
...
.NET Core and Visual Studio Denial of Service Vulnerability
...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business
Microsoft is aware of an issue in Windows Hello for Business WHfB with public keys that persist after a device is removed from Active Directory, if the AD exists. After a user sets up Windows Hello for Business WHfB, the WHfB public key is written to the on-premises Active Directory. The WHfB key...
Windows Hyper-V Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Intel: CVE-2023-28746 Register File Data Sampling (RFDS)
This CVE was assigned by Intel. Please see CVE-2023-28746 on CVE.org for more information...
Microsoft Edge for Android Spoofing Vulnerability
...
Microsoft DWM Core Library Elevation of Privilege Vulnerability
...
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
...
Windows Kerberos Elevation of Privilege Vulnerability
...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...
SQL RDBMS Engine Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited this vulnerability...
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
...
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
...
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
...
HTTP Protocol Stack Remote Code Execution Vulnerability
...
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
...
Chromium: CVE-2021-21150 Use after free in Downloads
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Visual Studio JSON Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows CryptoAPI Spoofing Vulnerability
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker cou...
Visual Studio Code Remote Code Execution Vulnerability
...
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
...
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Windows DNS Server Remote Code Execution Vulnerability
...
Chromium: CVE-2022-0790 Use after free in Cast UI
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
3D Viewer Remote Code Execution Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Chromium: CVE-2021-21152 Heap buffer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft ASP.NET Core Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
...
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
...
Microsoft Word Remote Code Execution Vulnerability
...
Microsoft Exchange Server Remote Code Execution Vulnerability
...
Visual Studio Remote Code Execution Vulnerability
...