Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability

...

Windows Media Remote Code Execution Vulnerability

...

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

...

Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Graphics Component Remote Code Execution Vulnerability

...

Windows Kernel Denial of Service Vulnerability

...

Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2022-3038 Use after free in Network Service

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Azure Site Recovery Elevation of Privilege Vulnerability

...

Chromium: CVE-2022-1869 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Graphics Component Information Disclosure Vulnerability

...

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

...

Chromium: CVE-2022-1498 Inappropriate implementation in HTML Parser

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows DNS Server Remote Code Execution Vulnerability

...

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

...

Chromium: CVE-2022-0975 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Media Foundation Information Disclosure Vulnerability

...

Windows NTFS Elevation of Privilege Vulnerability

...

OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference

...

Chromium: CVE-2021-30625 Use after free in Selection API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Office Graphics Remote Code Execution Vulnerability

...

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Print Spooler Elevation of Privilege Vulnerability

...

Windows Kernel Elevation of Privilege Vulnerability

...

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

...

Windows Desktop Bridge Elevation of Privilege Vulnerability

...

HEVC Video Extensions Remote Code Execution Vulnerability

...

Windows DNS Server Remote Code Execution Vulnerability

...

Microsoft Word Remote Code Execution Vulnerability

...

Visual Studio Code Remote Code Execution Vulnerability

...

Chromium: CVE-2021-30530 Out of bounds memory access in WebAudio

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2021-30536 Out of bounds read in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Visual Studio Code Remote Code Execution Vulnerability

...

Windows SMB Client Security Feature Bypass Vulnerability

...

Windows Installer Elevation of Privilege Vulnerability

...

Microsoft Internet Messaging API Remote Code Execution Vulnerability

...

PFX Encryption Security Feature Bypass Vulnerability

...

Microsoft Excel Remote Code Execution Vulnerability

...

Windows Print Configuration Elevation of Privilege Vulnerability

...

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

...

HEIF Image Extensions Remote Code Execution Vulnerability

...

PowerShellGet Module WDAC Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC Windows Defender Application Control policy and execute arbitrary code on a policy locked-down machine. An attacker must have administrator...

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...

Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an attacker would first have to log ...

Windows Modules Installer Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafte...

Windows Modules Installer Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

Remote Desktop Services Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker cou...

Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on...