22103 matches found
Storage Spaces Controller Elevation of Privilege Vulnerability
...
Windows Network File System Remote Code Execution Vulnerability
...
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
...
NTFS Elevation of Privilege Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Windows WalletService Elevation of Privilege Vulnerability
...
Azure Virtual Machine Information Disclosure Vulnerability
...
Windows Network Address Translation (NAT) Denial of Service Vulnerability
...
Chromium CVE-2021-21172: Insufficient policy enforcement in File System API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium CVE-2021-21170: Incorrect security UI in Loader
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft SharePoint Server Spoofing Vulnerability
...
Azure Active Directory Pod Identity Spoofing Vulnerability
...
Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
Windows Bluetooth Security Feature Bypass Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the...
Windows Kernel Elevation of Privilege Vulnerability
...
Windows InstallService Elevation of Privilege Vulnerability
...
Windows WalletService Elevation of Privilege Vulnerability
...
Windows Graphics Component Information Disclosure Vulnerability
...
Microsoft SharePoint Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of...
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need cod...
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
Microsoft Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics 365 on-premises when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. A...
Windows Update Stack Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or...
Windows SharedStream Library Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...
Windows Address Book Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files. To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB. After successfully exploiting the vulnerability, an attacker coul...
Microsoft Word Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...
Windows Runtime Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...
Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...
Microsoft Edge PDF Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Media Foundation Memory Corruption Vulnerability
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploi...
DirectX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used ...
Microsoft Exchange Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...
Visual Studio Live Share Spoofing Vulnerability
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host. An attacker who successfully exploited this vulnerability could cause a connected guest's computer to open a browser and...
Microsoft PowerPoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Git for Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...
Windows Data Sharing Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafte...
Windows Modules Installer Service Information Disclosure Vulnerability
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. To exploit the vulnerability, an attacker would have to log onto an...
Azure Stack Spoofing Vulnerability
A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources. An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stac...
Remote Desktop Client Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...
Windows Imaging API Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would ha...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...