Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

NetBIOS Remote Code Execution Vulnerability

A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacte...

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

Microsoft PowerPoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

Microsoft Edge Elevation of Privilege Vulnerability

A vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. To...

Microsoft Outlook Spoofing Vulnerability

A spoofing vulnerability exists in when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials. In an email attack scenario an attacker could exploit the...

February 2017 Adobe Flash Security Update

This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB17-04: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2992, CVE-2017-2991, CVE-2017-2993, CVE-2017-2994, CVE-2017-299...

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability,...

Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, ...

Windows PDF Remote Code Execution

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...

Windows DLL Loading Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library DLL files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete...

Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Windows Direct Show Remote Code Execution Vulnerability

...

Windows Telephony Service Remote Code Execution Vulnerability

...

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

...

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

SQL Server Native Client Remote Code Execution Vulnerability

...

Microsoft Management Console Remote Code Execution Vulnerability

...

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

...

Chromium: CVE-2024-5847 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-4058 Type Confusion in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-3832 Object corruption in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

...

Proxy Driver Spoofing Vulnerability

...

Chromium: CVE-2024-2628 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

...

Chromium: CVE-2024-2176 Use after free in FedCM

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

...

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

...

Chromium: CVE-2024-0807 Use after free in WebAudio

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Server Key Distribution Service Security Feature Bypass

...

Windows libarchive Remote Code Execution Vulnerability

...

Windows Message Queuing Client (MSMQC) Information Disclosure

...

Chromium: CVE-2024-0222 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Deployment Services Denial of Service Vulnerability

...

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

...

Chromium: CVE-2023-5474 Heap buffer overflow in PDF

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

...

Windows GDI Elevation of Privilege Vulnerability

...

.NET Core and Visual Studio Denial of Service Vulnerability

...

Microsoft SharePoint Server Elevation of Privilege Vulnerability

...

Chromium: CVE-2023-4075 Use after free in Cast

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Windows Remote Desktop Protocol Security Feature Bypass

...

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

...

iSCSI Target WMI Provider Remote Code Execution Vulnerability

...