21767 matches found
Kerberos Security Feature Bypass Vulnerability
...
Encryption Key Negotiation of Bluetooth Vulnerability
Executive Summary: Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key...
Microsoft SQL Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account. To exploit the...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
.NET and Visual Studio Denial of Service Vulnerability
...
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
...
Windows DWM Core Library Elevation of Privilege Vulnerability
...
Chromium: CVE-2023-5475 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft OneDrive for iOS Security Feature Bypass Vulnerability
...
Chromium: CVE-2023-0941 Use after free in Prompts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-0941 exists in the wild...
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
...
3D Builder Remote Code Execution Vulnerability
...
Microsoft Exchange Server Information Disclosure Vulnerability
...
Windows Win32k Elevation of Privilege Vulnerability
...
Windows Cryptographic Information Disclosure Vulnerability
...
Web Account Manager Information Disclosure Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Chromium: CVE-2022-2157 Use after free in Interest groups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Print Spooler Elevation of Privilege Vulnerability
...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
...
Kerberos AppContainer Security Feature Bypass Vulnerability
...
Windows TCP/IP Driver Security Feature Bypass Vulnerability
...
Microsoft IIS Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. To exploit the...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Chromium: CVE-2026-12469 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
3D Builder Remote Code Execution Vulnerability
...
PowerShell Remote Code Execution Vulnerability
...
Windows Defender Credential Guard Security Feature Bypass Vulnerability
...
Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
Executive Summary: Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime (IR) in Azure Synapse Pipelines, and...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...
Paint 3D Remote Code Execution Vulnerability
...
Chromium: CVE-2021-21231 Insufficient data validation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Win32k Elevation of Privilege Vulnerability
...
Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium CVE-2021-21131: Insufficient policy enforcement in File System API
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium CVE-2021-21120: Use after free in WebSQL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Exchange Remote Code Execution Vulnerability
...
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. Exploitation of the vulnerability requires that a...
ASP.NET Core Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when a Kestrel web application fails to validate web requests. An attacker who successfully exploited this vulnerability could perform HTML injection attacks. To exploit the vulnerability, an attacker could send a specially crafted request, containin...
Outlook for Android Information Disclosure Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
...
Windows Miracast Wireless Display Remote Code Execution Vulnerability
...
Windows Bluetooth Service Remote Code Execution Vulnerability
...
Microsoft Defender Elevation of Privilege Vulnerability
...
Windows iSCSI Service Denial of Service Vulnerability
...
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
...
Outlook for Android Elevation of Privilege Vulnerability
...