| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. |
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Microsoft Dataverse Remote Code Execution Vulnerability |
| Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network |
| [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. |
| Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. |
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. |
| Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
