| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. |
| Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
| Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
| Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. |
| Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. |
| A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |
| Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission). When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients. This issue is only practically exploitable when the OpenAPI description used for generation is from an untrusted source, or a normally trusted OpenAPI description has been compromised/tampered with. Only generating from trusted, integrity-protected API descriptions significantly reduces the risk. To remediate the issue, upgrade Kiota to 1.31.1 or later and regenerate/refresh existing generated clients as a precaution. Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output. |
| Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. |
