Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.011
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.018
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.018
There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempts to simplify the constraints, and it causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.001
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.002
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
CVSS: 3.3 | AI Score: 3.8 | EPSS: 0.0004
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...
CVSS: 3.5 | AI Score: 6.4 | EPSS: 0.003
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and ...
CVSS: 7.3 | AI Score: 7 | EPSS: 0.001
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.01
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses t...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability.
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that i...
CVSS: 8.8 | AI Score: 8.3 | EPSS: 0.011
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli libr...
CVSS: 6.5 | AI Score: 7 | EPSS: 0.01