Windows Desktop Bridge VFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...

Windows SMB Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most...

Windows Performance Monitor Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

Windows Kernel Local Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally...

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content HTTP from secure locations HTTPS. In a web-based attack scenario, an attacker could host a malicious website that is designed ...

Windows Session Object Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit the vulnerability, the attacker could run a specially crafted...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

Windows File System Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use TOCTOU issues in file path-based checks from a low-integrity application. An attacker who successfully exploited this vulnerability could potentially modify files...

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...

Windows Hyper-V Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Windows Storage Management Provider Information Disclosure Vulnerability

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

...

MapUrlToZone Security Feature Bypass Vulnerability

...

Microsoft Update Catalog Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver...

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

...

SQL Server Native Client Remote Code Execution Vulnerability

...

Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability

...

Windows Scripting Engine Security Feature Bypass Vulnerability

...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

...

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

...

Chromium: CVE-2024-7965 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Office Remote Code Execution Vulnerability

...

Windows Telephony Server Elevation of Privilege Vulnerability

...

SmartScreen Prompt Security Feature Bypass Vulnerability

...

Microsoft Brokering File System Elevation of Privilege Vulnerability

...

Secure Boot Security Feature Bypass Vulnerability

...

Chromium: CVE-2024-2885 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

Chromium: CVE-2024-2630 Inappropriate implementation in iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-2631 Inappropriate implementation in iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

...

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

...

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

...

Windows DNS Client Denial of Service Vulnerability

...

Chromium: CVE-2024-1060 Use after free in Canvas

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-0809 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-0333 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft SharePoint Server Remote Code Execution Vulnerability

...

Microsoft ODBC Driver Remote Code Execution Vulnerability

...