22103 matches found
Microsoft Excel Remote Code Execution Vulnerability
...
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
...
Chromium: CVE-2021-30611 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows User Account Profile Picture Elevation of Privilege Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Windows TCP/IP Driver Denial of Service Vulnerability
...
Azure AD Security Feature Bypass Vulnerability
...
Storage Spaces Controller Elevation of Privilege Vulnerability
...
Microsoft Bing Search Spoofing Vulnerability
...
Chromium: CVE-2021-30550 Use after free in Accessibility
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30549 Use after free in Spell check
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30546 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Server for NFS Information Disclosure Vulnerability
...
3D Viewer Information Disclosure Vulnerability
...
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
...
Windows Media Foundation Core Remote Code Execution Vulnerability
...
Microsoft SharePoint Server Information Disclosure Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Windows Console Driver Denial of Service Vulnerability
...
Visual Studio Code Remote Code Execution Vulnerability
...
Windows Graphics Component Remote Code Execution Vulnerability
...
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
...
Chromium CVE-2021-21136: Insufficient policy enforcement in WebView
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft SharePoint Elevation of Privilege Vulnerability
...
GDI+ Remote Code Execution Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Windows Win32k Elevation of Privilege Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Remote Desktop Protocol Server Information Disclosure Vulnerability
...
Azure Sphere Unsigned Code Execution Vulnerability
...
AV1 Video Extension Remote Code Execution Vulnerability
...
Windows Remote Access Elevation of Privilege Vulnerability
...
Visual Studio Code Python Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...
Jet Database Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...
Xamarin.Forms Spoofing Vulnerability
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system. For the attack to be successful, the targeted user would...
Microsoft Store Runtime Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...
Windows Storage Services Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim syste...
Windows InstallService Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...
Microsoft SharePoint Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Windows Camera Codec Pack Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Microsoft Outlook Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrativ...
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...
Microsoft Edge PDF Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...
Microsoft Project Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker...
Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability
A spoofing vulnerability exists when theMicrosoft Edge Chromium-based in IE Mode improperly handles specific redirects. An attacker who successfully exploits the IE Mode vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could...
System Center Operations Manager Spoofing Vulnerability
A spoofing vulnerability exists when System Center Operations Manager SCOM does not properly sanitize a specially crafted web request to an affected SCOM 2016 Web Console instance. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SCOM...
Microsoft SharePoint Information Disclosure Vulnerability
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks a variant of cross-site request forgery, CSRF. When users are simultaneously logged in to Microsoft SharePoint Server and visit a...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...