21727 matches found
Azure Sphere Information Disclosure Vulnerability
...
Chromium: CVE-2021-30609 Use after free in Sign-In
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30604 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability
...
Windows GDI Information Disclosure Vulnerability
...
Microsoft SharePoint Server Spoofing Vulnerability
...
Chromium: CVE-2021-30531 Insufficient policy enforcement in Content Security Policy
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30511 Out of bounds read in Tab Groups
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Installer Spoofing Vulnerability
...
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
...
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
Microsoft Excel Information Disclosure Vulnerability
...
Windows AppX Deployment Server Denial of Service Vulnerability
...
Windows TCP/IP Driver Denial of Service Vulnerability
...
Windows Console Driver Denial of Service Vulnerability
...
Application Virtualization Remote Code Execution Vulnerability
...
Windows Event Tracing Elevation of Privilege Vulnerability
...
Windows Address Book Remote Code Execution Vulnerability
...
Windows Docker Information Disclosure Vulnerability
...
Bot Framework SDK Information Disclosure Vulnerability
...
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
...
Windows Backup Engine Elevation of Privilege Vulnerability
...
Windows Backup Engine Elevation of Privilege Vulnerability
...
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
...
Windows Canonical Display Driver Information Disclosure Vulnerability
...
Visual Studio Tampering Vulnerability
...
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
...
Windows Network File System Information Disclosure Vulnerability
...
DirectX Elevation of Privilege Vulnerability
...
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
...
Windows Error Reporting Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. To exploit this vulnerability, an attacker...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...
Windows Custom Protocol Engine Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. T...
Windows Media Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library DLL files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, o...
Microsoft Graphics Components Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...
Windows Imaging Component Information Disclosure Vulnerability
An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker...
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation CNG Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...
Microsoft SharePoint Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...
Windows NTLM Tampering Vulnerability
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...
.NET Framework Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the .NET Framework common language runtime CLR allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
Windows VBScript Engine Remote Code Execution Vulnerability
This information is being revised to indicate that this CVE CVE-2019-1183 is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required...
Microsoft Graphics Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...