Windows Agere Modem Driver Elevation of Privilege Vulnerability
Microsoft is aware of vulnerabilities in the third-party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of the ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware depende...
Windows Agere Modem Driver Elevation of Privilege Vulnerability
Microsoft is aware of vulnerabilities in the third-party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of the ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware depende...
ASP.NET Security Feature Bypass Vulnerability
Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
.NET Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally...
Microsoft Exchange Server Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally...
Windows Device Association Broker Service Elevation of Privilege Vulnerability
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally...
Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Microsoft is aware of AMD-SB-3020 | CVE-2025-0033 disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could...
s390/uv: Don't call folio_wait_writeback() without a folio reference
...
media: mediatek: vcodec: Handle invalid decoder vsi
...
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
...
GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds
...
GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds
...
iommu/amd/pgtbl: Fix possible race while increase page table level
...
Elasticsearch Insertion of sensitive information in log file
...
GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds
...
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow
...
net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
...
net/mlx5e: SHAMPO, Fix incorrect page release
...
nvmet: always initialize cqe.result
...
bluetooth/l2cap: sync sock recv cb and release
...
io_uring/tctx: work around xa_store() allocation error issue
...
f2fs: fix to drop all discards after creating snapshot on lvm device
...
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
...
net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
...
media: mediatek: vcodec: Only free buffer VA that is not NULL
...
Redis is vulnerable to DoS via specially crafted LUA scripts
...
Redis: Authenticated users can execute LUA scripts as a different user
...
Lua library commands may lead to integer overflow and potential RCE
...
wifi: mac80211: increase scan_ies_len for S1G
...
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
...
ZIP64 End of Central Directory (EOCD) Locator record offset not checked
...
iommu/s390: Make attach succeed when the device was surprise removed
...
bpf: Call free_htab_elem() after htab_unlock_bucket()
...
erofs: handle NONHEAD !delta[1] lclusters gracefully
...
f2fs: fix to account dirty data in __get_secs_required()
...
KVM: arm64: Don't retire aborted MMIO instruction
...
KVM: arm64: Get rid of userspace_irqchip_in_use
...
Chromium: CVE-2025-11460 Use after free in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-11458 Heap buffer overflow in Sync
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network...
Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network...
Azure Monitor Log Analytics Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network...
Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability...
Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability...
Redis Enterprise Elevation of Privilege Vulnerability
...
Azure PlayFab Elevation of Privilege Vulnerability
...