| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST requests to inject forged Mailjet and LOX24 event payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally. |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows Storage allows an authorized attacker to elevate privileges locally. |
| Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. |
| Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack. |
| Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network. |