21767 matches found
Windows ALPC Elevation of Privilege Vulnerability
...
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Media Foundation Information Disclosure Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows DNS Server Remote Code Execution Vulnerability
...
Microsoft Exchange Server Remote Code Execution Vulnerability
...
Microsoft SharePoint Server Remote Code Execution Vulnerability
...
Windows Defender Credential Guard Security Feature Bypass Vulnerability
...
Microsoft Exchange Server Remote Code Execution Vulnerability
...
Active Directory Domain Services Elevation of Privilege Vulnerability
...
Microsoft Access Remote Code Execution Vulnerability
...
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
...
OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
...
Windows SMB Information Disclosure Vulnerability
...
Windows AF_UNIX Socket Provider Denial of Service Vulnerability
...
Microsoft Exchange Server Information Disclosure Vulnerability
...
Windows Certificate Spoofing Vulnerability
...
Chromium: CVE-2021-30545 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft SharePoint Server Spoofing Vulnerability
...
Chromium: CVE-2021-30530 Out of bounds memory access in WebAudio
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30537 Insufficient policy enforcement in cookies
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30529 Use after free in Bookmarks
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Common Utilities Remote Code Execution Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Chromium: CVE-2021-21229 Incorrect security UI in downloads
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-21202 Use after free in extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Overlay Filter Information Disclosure Vulnerability
...
Microsoft Teams iOS Information Disclosure Vulnerability
...
Chromium CVE-2021-21124: Potential user after free in Speech Recognizer
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
...
Windows Remote Desktop Service Denial of Service Vulnerability
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Microsoft SharePoint Reflective XSS Vulnerability
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who...
PowerShellGet Module WDAC Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC Windows Defender Application Control policy and execute arbitrary code on a policy locked-down machine. An attacker must have administrator...
Windows Modules Installer Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafte...
WinINet API Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based atta...
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...
Microsoft Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploited the vulnerability could query tables or columns for which they do not have access rights. To exploit this vulnerability...
.NET Core Information Disclosure Vulnerability
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application. The security update addresses the...
Windows Search Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
Microsoft Excel Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...