21711 matches found
Chromium: CVE-2022-1483 Heap buffer overflow in WebGPU
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Hyper-V Remote Code Execution Vulnerability
...
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2022-0975 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Media Foundation Information Disclosure Vulnerability
...
Windows DNS Server Remote Code Execution Vulnerability
...
Microsoft Exchange Server Remote Code Execution Vulnerability
...
Active Directory Domain Services Elevation of Privilege Vulnerability
...
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
...
Microsoft Access Remote Code Execution Vulnerability
...
Chromium: CVE-2021-37970 Use after free in File System API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30625 Use after free in Selection API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows SMB Information Disclosure Vulnerability
...
Microsoft Exchange Server Information Disclosure Vulnerability
...
Microsoft SharePoint Server Information Disclosure Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Chromium: CVE-2021-30537 Insufficient policy enforcement in cookies
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Office Remote Code Execution Vulnerability
...
Common Utilities Remote Code Execution Vulnerability
...
Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Azure DevOps Server Spoofing Vulnerability
...
Windows Overlay Filter Information Disclosure Vulnerability
...
Chromium CVE-2021-21124: Potential use after free in Speech Recognizer
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
...
HEIF Image Extensions Remote Code Execution Vulnerability
...
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
...
Windows Remote Desktop Service Denial of Service Vulnerability
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an attacker would first have to log ...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
WinINet API Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based atta...
Windows Modules Installer Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...
Availability of updates for Microsoft software utilizing the Autodesk FBX library
Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Details about the vulnerabilities can be found here - https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002...
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...
Microsoft Office ClickToRun Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would...
Microsoft Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...
Windows Defender Application Control Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could circumvent PowerShell Core Constrained Language Mode on the machine. To exploit the...
Visual Studio Information Disclosure Vulnerability
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could...
Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary files with XML content in the security context of the local system. To exploit this vulnerabilit...
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploited the vulnerability could query tables or columns for which they do not have access rights. To exploit this vulnerability...
Active Directory Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an...
Windows ALPC Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...
Scripting Engine Information Disclosure Vulnerability
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...
LNK Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delet...
Windows Graphics Component Remote Code Execution Vulnerability
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...