CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data. |
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination. |
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. |
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
Copilot Spoofing Vulnerability |
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network. |
Copilot Spoofing Vulnerability |
Redis Enterprise Elevation of Privilege Vulnerability |
M365 Copilot Spoofing Vulnerability |
Azure PlayFab Elevation of Privilege Vulnerability |
Azure Entra ID Elevation of Privilege Vulnerability |
Azure Entra ID Elevation of Privilege Vulnerability |
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. |
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |