| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. |
| Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack. |
| Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Bluetooth Port Driver allows an unauthorized attacker to execute code over an adjacent network. |
| Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally. |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup, allowing crafted input to make parsing hang for an arbitrarily long time. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. |
| Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network. |
| Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network. |
| Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
| Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structure and exhaust memory. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. |