21727 matches found
Microsoft Project Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery (CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site. In a web-based attac...
ASP.NET Core Elevation Of Privilege Vulnerability
An open redirect vulnerability exists in ASP.NET Core that could lead to elevation of privilege. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated user clicks the link, the authenticated...
Internet Explorer Memory Corruption Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...
Win32k Graphics Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete dat...
Microsoft Outlook Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploit...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of file formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it ...
ADFS Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully...
Microsoft Outlook Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials. In an email attack scenario an attacker could exploit the...
Windows GDI Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete...
February 2017 Adobe Flash Security Update
This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB17-04: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2992, CVE-2017-2991, CVE-2017-2993, CVE-2017-2994, CVE-2017-299...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability,...
Windows PDF Remote Code Execution
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user...
Secondary Logon Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs...
Microsoft 365 Copilot for Android Spoofing Vulnerability
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...
Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally...
Windows Direct Show Remote Code Execution Vulnerability
...
Windows Telephony Service Remote Code Execution Vulnerability
...
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
...
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
...
Microsoft Management Console Remote Code Execution Vulnerability
...
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
...
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
...
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
...
Chromium: CVE-2024-2886 Use after free in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-2628 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
Chromium: CVE-2024-2176 Use after free in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
...
Chromium: CVE-2024-0807 Use after free in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows CoreMessaging Information Disclosure Vulnerability
...
Windows Message Queuing Client (MSMQC) Information Disclosure
...
Windows Server Key Distribution Service Security Feature Bypass
...
Windows Deployment Services Denial of Service Vulnerability
...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
...
Chromium: CVE-2023-5476 Use after free in Blink History
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
...
.NET Core and Visual Studio Denial of Service Vulnerability
...
Windows GDI Elevation of Privilege Vulnerability
...
Microsoft SharePoint Server Elevation of Privilege Vulnerability
...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Chromium: CVE-2023-4354 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Teams Remote Code Execution Vulnerability
...
Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2023-4071 Heap buffer overflow in Visuals
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...