21727 matches found
Azure Sphere Unsigned Code Execution Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
...
Windows Hyper-V Security Feature Bypass Vulnerability
...
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
...
Windows Print Spooler Elevation of Privilege Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Microsoft Windows VMSwitch Denial of Service Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
Windows Bluetooth Security Feature Bypass Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the...
Windows GDI+ Information Disclosure Vulnerability
...
Microsoft SharePoint Server Tampering Vulnerability
...
Windows Remote Access Elevation of Privilege Vulnerability
...
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
...
Raw Image Extension Remote Code Execution Vulnerability
...
Windows Backup Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
Windows DNS Denial of Service Vulnerability
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries...
Windows Start-Up Application Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based atta...
Windows Language Pack Installer Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...
Projected Filesystem Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. To exploit this vulnerability, an attacker would firs...
Jet Database Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...
Microsoft COM for Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder or equivalent an...
Windows Diagnostics Hub Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system...
Microsoft SharePoint Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. The vulnerability by itself does...
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
A denial of service vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...
Win32k Graphics Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete dat...
Windows Denial of Service Vulnerability
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...
ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A...
.NET Framework Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. To exploit this vulnerability, an attacker would have to log on to an...
Azure DevOps Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...
.NET Framework and Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logg...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A...
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
DirectX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Chakra Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...
HTTP Protocol Stack Remote Code Execution Vulnerability
A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. To exploit the vulnerability, in most situations, an...
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...
Windows AppContainer Elevation Of Privilege Vulnerability
An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the syste...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...