21767 matches found
Microsoft SharePoint Server Spoofing Vulnerability
...
Windows InstallService Elevation of Privilege Vulnerability
...
Chromium: CVE-2021-30527 Use after free in WebUI
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30539 Insufficient policy enforcement in content security policy
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Graphics Component Elevation of Privilege Vulnerability
...
Windows Media Video Decoder Remote Code Execution Vulnerability
...
Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
...
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
...
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...
TLS Information Disclosure Vulnerability
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to...
Windows Routing Utilities Denial of Service
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected...
Microsoft Word Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privilege...
Microsoft Defender Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the...
Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicio...
Microsoft Power BI Report Server Spoofing Vulnerability
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments. An authenticated attacker could exploit the vulnerability by uploading a specially crafted payload and sending it to the user. The attacker who successfully...
Microsoft Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. To exploit this...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...
Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it i...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys Winsock handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, a locally authenticated attacker could run a specially...
Windows DHCP Client Remote Code Execution Vulnerability
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send...
Windows RPCSS Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by...
WCF/WIF SAML Token Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in Windows Communication Foundation WCF and Windows Identity Foundation WIF, allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges. T...
Hyper-V vSMB Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system. To exploit these vulnerabilities, an attacker...
MS XML Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could hos...
OData Denial of Service Vulnerability
A denial of service vulnerability exists when OData Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an OData web application. A remote unauthenticated attacker could exploit this vulnerability by issuing...
Microsoft SQL Server Remote Code Execution Vulnerability
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account. To exploit the...
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Microsoft Windows Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the...
Windows DHCP Server Remote Code Execution Vulnerability
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or crea...
Windows Kernel Local Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally...
Microsoft Outlook Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could...
Microsoft Outlook Spoofing Vulnerability
...
Windows Telephony Service Remote Code Execution Vulnerability
...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
...
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
...
Secure Boot Security Feature Bypass Vulnerability
...
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
...
Chromium: CVE-2024-2173 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-1670 Use after free in Mojo
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows SmartScreen Security Feature Bypass Vulnerability
...
Windows Kerberos Security Feature Bypass Vulnerability
...