| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper input validation in Power BI allows an authorized attacker to execute code over a network. |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. |
| Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. |
| Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148. |
| A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway. |
| A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context. |
