22103 matches found
Microsoft Store Runtime Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...
Office Web Apps XSS Vulnerability
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Office Web Apps server. The attacker who successfully exploited th...
Microsoft Edge PDF Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker...
Microsoft Bing Search Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website, when browsed using...
Remote Code Execution Vulnerability in Application Inspector
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external...
LNK Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...
Microsoft Windows Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access...
Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. Use...
MSHTML Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the...
Windows DNS Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global...
ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A...
Skype for Business Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests. An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take a...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
Windows Bowser.sys Information Disclosure Vulnerability
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory to which they should not have access. ...
Windows Scripting Engine Memory Corruption Vulnerability
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...
Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. An attacker who successfully exploited this vulnerability could obtain access to file and...
Windows Storage Management Provider Information Disclosure Vulnerability
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
Microsoft Excel Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally...
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally...
Windows OLE Remote Code Execution Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Chromium: CVE-2024-0519 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild...
Windows CoreMessaging Information Disclosure Vulnerability
...
Chromium: CVE-2024-0224 Use after free in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
Azure DevOps Server Spoofing Vulnerability
...
Chromium: CVE-2023-6346 Use after free in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft SharePoint Server Spoofing Vulnerability
...
Remote Desktop Client Remote Code Execution Vulnerability
...
Microsoft Office Graphics Remote Code Execution Vulnerability
...
Windows USB Serial Driver Information Disclosure Vulnerability
...
Chromium: CVE-2022-3304 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Azure Site Recovery Remote Code Execution Vulnerability
...
AV1 Video Extension Remote Code Execution Vulnerability
...
Chromium: CVE-2022-1856 Use after free in User Education
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2022-1864 Use after free in WebApp Installs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
.NET and Visual Studio Denial of Service Vulnerability
...
Windows Clustered Shared Volume Information Disclosure Vulnerability
...
Windows Print Spooler Elevation of Privilege Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Chromium: CVE-2022-1135 Use after free in Shopping Cart
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Office Visio Remote Code Execution Vulnerability
...
Roaming Security Rights Management Services Remote Code Execution Vulnerability
...
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
...
.NET Denial of Service Vulnerability
...
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
...